Facilitating telemetry data communication security between an implantable device and an external device

ABSTRACT

Systems, apparatus, methods and non-transitory computer readable media facilitating telemetry data communication security between an implantable device and an external clinician device are provided. An implantable device can include a security component configured to generate security information based on reception of a clinician telemetry session request from the clinician device via a first telemetry communication protocol. The security information can include a session identifier and a first session key, and the clinician telemetry session request can include a clinician device identifier associated with the clinician device. The implantable device can further include a communication component configured to establish a clinician telemetry session with the clinician device using a second telemetry communication protocol based on determining that a connection request, received via the second telemetry communication protocol, was transmitted by the clinician device based on inclusion of the clinician device in the connection request.

This application is a continuation of U.S. patent application Ser. No.15/220,667, filed on Jul. 27, 2016, the entire content of which isincorporated herein by reference.

TECHNICAL FIELD

This disclosure relates generally to implantable devices and, moreparticularly, to systems, apparatus, methods and computer-readablestorage media facilitating telemetry data communication security betweenan implantable device and an external device.

BACKGROUND

Implantable medical devices (IMDs) are often utilized in modernhealthcare to facilitate the ability for patients to lead healthy andfull lives. For example, IMDs such as pacemakers, implantablecardioverter-defibrillators (ICDs), neurostimulators, and drug pumps canfacilitate management of a wide range of ailments, including, but notlimited to, cardiac arrhythmias, diabetes, and Parkinson's disease.Patients and medical care providers can monitor the IMD and assess apatient's current and historical physiological state to identifyconditions or predict impending events.

The sophistication of IMDs is evolving to provide for advanced computingand telemetry capabilities. There is a desire to use commerciallyavailable or non-proprietary telemetry communication protocols forwireless communication between implantable devices and external devicesin order to more easily facilitate widespread provisioning of telemetrysolutions. However, as commercially available telemetry protocols areemployed to perform telemetry with an implantable device, the knowledgeof how to initiate and conduct a telemetry session with the implantabledevice can become publicly available. As a result, it is important thatthe implantable device securely provide or receive sensitive informationto or from only authorized devices. Accordingly, systems, methods,apparatus and computer-readable storage media that facilitate telemetrydata communication security between an implantable device and anexternal device are desired.

SUMMARY

The following presents a simplified summary of one or more of theembodiments in order to provide a basic understanding of one or more ofthe embodiments. This summary is not an extensive overview of theembodiments described herein. It is intended to neither identify key orcritical elements of the embodiments nor delineate any scope ofembodiments or the claims. Its sole purpose is to present some conceptsof the embodiments in a simplified form as a prelude to the moredetailed description that is presented later. It will also beappreciated that the detailed description can include additional oralternative embodiments beyond those described in the Summary section.

Embodiments described herein include systems, apparatus, methods andcomputer-readable storage media that facilitate telemetry datacommunication security between an implantable device and an externaldevice. In some embodiments, the implantable device is or includes anIMD. In other embodiments, the implantable device is or includes adevice configured to interact with the IMD. In these embodiments, boththe implantable device and the IMD can be implanted within or be coupledto a patient.

In one embodiment, an implantable device is provided. The implantabledevice includes a housing configured to be implanted at least partiallywithin a patient. The implantable device also includes a memory, coupledto the housing, that stores executable components, and circuitry,coupled to the housing, and configured to at least one of obtain sensedphysiological data associated with the patient or deliver a therapy tothe patient. The implantable device also includes a processor coupled tothe housing that executes the executable components stored in thememory. The executable components can include at least a securitycomponent configured to generate security information based on receptionof a clinician telemetry session request from a clinician device via afirst telemetry communication protocol. The clinician telemetry sessionrequest can include a clinician device identifier associated with theclinician device, and the security information can include a uniquesession identifier and one or more unique session keys. The executablecomponents can further include a communication component configured toactivate telemetry communication by the implantable device via a secondtelemetry communication protocol based on sending the securityinformation to the clinician device using the first telemetrycommunication protocol. The communication component can furtherestablish a clinician telemetry session with the clinician device usingthe second telemetry communication protocol based on determining that aconnection request, received via the second telemetry communicationprotocol, was transmitted by the clinician device based on inclusion ofthe clinician device in the connection request.

In one implementation, the first telemetry communication protocolincludes a proprietary telemetry communication protocol and the secondtelemetry communication protocol comprises a non-proprietary telemetrycommunication protocol. For example, the first telemetry communicationprotocol can include a short-range (e.g., induction-based) telemetrycommunication protocol and the second telemetry communication protocolcan include a long-range (e.g., radio frequency (RF)-based) telemetrycommunication protocol.

In various implementations, in association with activation of telemetrycommunication by the implantable device using the second telemetrycommunication protocol, the communication component can be configured totransmit one or more advertisement data packets including the sessionidentifier using the second telemetry communication protocol. Thecommunication component can further receive the connection request basedon reception of at least one advertisement data packet of the one ormore advertisement data packets by the clinician device and recognition,by the clinician device, of the session identifier in the at least oneadvertisement data packet.

In some implementations, the one or more unique session keys can includea first session key and the communication component can be configured toencrypt first transmitted data transmitted by the implantable device anddecrypt first received data received by the implantable device using thefirst session key in association with performance of the cliniciantelemetry session with the clinician device. The security informationcan also include a second session key and the communication componentcan be further configured to encrypt second transmitted data transmittedby the implantable device and decrypt second received data received bythe implantable device using the second session key or both the secondsession key and the first session key in association with theperformance of the clinician telemetry session with the cliniciandevice.

The security component can also be configured to render the securityinformation unusable to establish or to conduct the clinician telemetrysession or another telemetry session between the implantable device andthe clinician device or another device at a later time. For example, thesecurity component can remove the security information from memory ofthe implantable device or render the security information expired.Accordingly, in order for the clinician device or another cliniciandevice to establish and conduct a new telemetry session with theimplantable device, the clinician device or the other clinician deviceand the implantable device can establish and exchange new securityinformation in association with a new clinician session request. Thus,after one set of security information is cleared, a new set of securityinformation can be created via a new session initiation request. Thesecurity component can render the security information unusable based onclosure of the clinician telemetry session or failure of the implantabledevice to re-establish the clinician telemetry session with theclinician device using the security information within a defined periodof time after loss of the clinician telemetry session.

Another embodiment is directed to a method of ensuring telemetry datacommunication security between an implantable device and a cliniciandevice. The method can include generating security information, by animplantable device including a processor, based on receiving a cliniciantelemetry session request from a clinician device via a first telemetrycommunication protocol. The security information can include a sessionidentifier and a first session key and wherein the clinician telemetrysession request can include a clinician device identifier associatedwith the clinician device. The method can further include sending, bythe implantable device, the security information to the clinician deviceusing the first telemetry communication protocol, and establishing, bythe implantable device, a clinician telemetry session with the cliniciandevice using a second telemetry communication protocol based ondetermining that a connection request, received via the second telemetrycommunication protocol, was transmitted by the clinician device based oninclusion of the clinician device in the connection request. In oneimplementation, the first telemetry communication protocol includes aninduction-based telemetry communication protocol and the secondtelemetry communication protocol includes a BLUETOOTH® low energy (BLE)based telemetry communication protocol.

In various implementations, the method further includes initiating, bythe implantable device, data communication using the second telemetrycommunication protocol based on the sending the security information tothe clinician device, including, transmitting, by the implantabledevice, one or more advertisement data packets comprising the sessionidentifier using the second telemetry communication protocol. Theimplantable device can further receive, the connection request based onreception of at least one advertisement data packet of the one or moreadvertisement data packets by the clinician device and recognition, bythe clinician device, of the session identifier in the at least oneadvertisement data packet. In some implementations, the method furtherincludes employing, by the implantable device, the security informationto conduct the clinician telemetry session with the clinician device,and rendering, by the implantable device, the security informationunusable to establish or conduct another telemetry session between theimplantable device and the clinician device or another device at a latertime based on closing of the clinician telemetry session. For example,the security component can remove the security information from memoryof the implantable device or render the security information expired.Accordingly, in order for the clinician device or another cliniciandevice to establish and conduct a new telemetry session with theimplantable device, the clinician device or the other clinician deviceand the implantable device can establish and exchange new securityinformation in association with a new clinician session request.

In another embodiment, a system is provided. The system includes animplantable device and a clinician device configured to performtelemetry communication with other devices using a first telemetrycommunication protocol and a second telemetry communication protocol.The implantable device can include a first telemetry componentconfigured to perform the first telemetry communication protocol, asecond telemetry component configured to perform the second telemetrycommunication protocol, and a security component configured to generatesecurity information based on reception of a clinician telemetry sessionrequest from the clinician device via the first telemetry communicationcomponent. The security information can include a session identifier andone or more session keys, and the clinician telemetry session requestcan include a clinician device identifier associated with the cliniciandevice. The second telemetry component can be configured to establish aclinician telemetry session with the clinician device using the secondtelemetry communication protocol based on determining that a connectionrequest, received via the second telemetry communication protocol, wastransmitted by the clinician device based on recognition of theclinician device identifier in the connection request. In one or moreimplementations, the first telemetry communication protocol facilitatesfirst wireless data communication over a first distance and the secondtelemetry communication protocol facilitates second wireless datacommunication over a second distance longer than the first distance.

In various implementations, prior to establishing the cliniciantelemetry session with the clinician device, the implantable device isfurther configured to transmit the security information to the cliniciandevice using the first telemetry component, and transmit one or moreadvertisement data packets including the session identifier using thesecond telemetry component. The implantable device can further receivethe connection request using the second telemetry component based onreception of at least one advertisement data packet of the one or moreadvertisement data packets by the clinician device and recognition, bythe clinician device, of the session identifier in the at least oneadvertisement data packet. The clinician device can be configured totransmit the connection request using the second telemetry communicationprotocol based on determining that an advertisement data packet receivedby the clinician device via the second telemetry communication protocolwas transmitted by the implantable device based on inclusion of thesession identifier in the advertisement data packet. In someimplementations, the implantable device can forgo, using the securitycomponent, the telemetry communication and other telemetry communicationby the implantable device with a device other than the clinician deviceusing the second telemetry communication protocol during establishmentof the clinician telemetry session between the implantable device andthe clinician device.

Still in yet another embodiment, a non-transitory computer readablemedium is provided. The non-transitory computer readable medium includescomputer executable instructions that, in response to execution, causean implantable device including at least one processor to performvarious operations. These operations can include, generating, based onreceiving a clinician telemetry session request from a clinician devicevia a first telemetry communication protocol, security informationincluding a session identifier and one or more session keys, wherein theclinician telemetry session request includes a clinician deviceidentifier associated with the clinician device. These operations canfurther include sending the security information to the clinician deviceusing the first telemetry communication protocol, transmitting one ormore advertisement data packets comprising the session identifier andusing a second telemetry communication protocol, and establishing aclinician telemetry session with the clinician device using the secondtelemetry communication protocol based in part on reception, by theclinician device, of at least one advertisement data packet of the oneor more advertisement data packets. In one or more implementations, theoperations can further include receiving a connection request from theclinician device via the second telemetry communication protocol,wherein the establishing comprises establishing the clinician telemetrysession based on inclusion of the clinician device identifier in theconnection request.

Another embodiment is directed to a method performed by a cliniciandevice. The method can include sending, by a clinician device includinga processor, a clinician telemetry session request to an implantabledevice via a first telemetry communication protocol, the cliniciantelemetry session request including a clinician device identifier andsecurity information including a unique session identifier and one ormore session keys. The method can further include transitioning, by theclinician device, from operating using the first telemetry communicationprotocol to operating using a second telemetry communication protocolbased on the sending the clinician telemetry session request, andsending, by the clinician device, a connection request to theimplantable device using the second telemetry communication protocolbased on receiving, via the second telemetry communication protocol, anadvertisement data packet including the unique session identifier,wherein the connection request includes the clinician device identifier.The method can further include performing, by the clinician device, aclinician telemetry session with the implantable device using the one ormore session keys based on acceptance of the connection request by theimplantable device based on inclusion of the clinician device identifierin the connection request.

Other embodiments and various non-limiting examples, scenarios andimplementations are described in more detail below. The followingdescription and the drawings set forth certain illustrative embodimentsof the specification. These embodiments are indicative, however, of buta few of the various ways in which the principles of the specificationcan be employed. Other advantages and novel features of the embodimentsdescribed will become apparent from the following detailed descriptionof the specification when considered in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a schematic diagram of an example, non-limitingmedical device telemetry system configured to facilitate telemetry datacommunication security between an implantable device and an externaldevice in accordance with one or more embodiments described herein.

FIG. 2A illustrates an example telemetry communication exchange betweenan implantable device and a clinician device using a first telemetrycommunication protocol in accordance with one or more embodimentsdescribed herein.

FIG. 2B illustrates another example telemetry communication exchangebetween an implantable device and a clinician device using a secondtelemetry communication protocol in accordance with one or moreembodiments described herein.

FIG. 3A illustrates a non-limiting signaling diagram of a methodfacilitating establishment of a secure clinician telemetry sessionbetween an implantable device and a clinician device in accordance withone or more embodiments described herein.

FIG. 3B illustrates a non-limiting signaling diagram of a methodfacilitating secure data communication in association with performanceof a secure clinician telemetry session between an implantable deviceand a clinician device in accordance with one or more embodimentsdescribed herein.

FIG. 4 illustrates a block diagram of an example, non-limitingimplantable device in accordance with one or more embodiments describedherein.

FIG. 5 illustrates a block diagram of an example, non-limiting cliniciandevice in accordance with one or more embodiments described herein.

FIGS. 6, 7, 8, 9 and 10 illustrate flow diagrams of example,non-limiting methods that facilitate telemetry data communicationsecurity between an implantable device and an external device inaccordance with one or more embodiments described herein.

FIG. 11 illustrates a block diagram of an example, non-limiting computeroperable to facilitate telemetry data communication security between animplantable device and an external device in accordance with one or moreembodiments described herein.

DETAILED DESCRIPTION OF DRAWINGS

The following detailed description is merely illustrative and is notintended to limit embodiments and/or application or uses of embodiments.Furthermore, there is no intention to be bound by any expressed orimplied information presented in the preceding Technical Field,Background or Summary sections, or in the Detailed Description section.

One or more embodiments are now described with reference to thedrawings, wherein like referenced numerals are used to refer to likeelements throughout. In the following description, for purposes ofexplanation, numerous specific details are set forth in order to providea more thorough understanding of the one or more embodiments. It isevident, however, in various cases, that the one or more embodiments canbe practiced without these specific details.

Additionally, the following description refers to components being“connected” and/or “coupled” to one another. As used herein, unlessexpressly stated otherwise, the terms “connected” and/or “coupled” meanthat one component is directly or indirectly connected to anothercomponent, mechanically, electrically, wirelessly, inductively orotherwise. Thus, although the figures may depict example arrangements ofcomponents, additional and/or intervening components may be present inone or more embodiments.

The subject disclosure describes systems, apparatus, methods andcomputer-readable storage media that facilitate telemetry datacommunication security between an implantable device and an externaldevice. In various embodiments, systems, apparatus, methods andcomputer-readable storage media are provided that provide substantialimprovements in the field of implantable medical device telemetrysecurity. In particular, the subject systems, apparatus, methods andcomputer-readable storage media facilitate enhanced security associatedwith establishing and performing a telemetry session with theimplantable device using a non-proprietary RF-based telemetrycommunication protocol that enables rapid bi-directional telemetrycommunication with the implantable device of data (e.g., programmingdata or waveform data associated with a remote clinician telemetrysession).

With reference now to the drawings, FIG. 1 illustrates a schematicdiagram of an example, non-limiting medical device telemetry system 100configured to facilitate telemetry data communication security betweenan implantable device and an external device in accordance with one ormore embodiments described herein. In the embodiment shown, medicaldevice telemetry system 100 includes an implantable device 104 implantedwithin a body 102 of a patient and a clinician device 116 external tothe body 102 of the patient. The clinician device 116 is shown beingheld and operated by a clinician 118 (e.g., a doctor, caregiver, anurse, a technician, etc.) of the patient. In other implementations, theclinician device 116 can be provided on a fixed mount, held by a roboticarm, or the like. The clinician device 116 can also be operated by aremote user or entity using a remote device (not shown) communicativelycoupled to the clinician device 116 via a network (e.g., the Internet,an intranet, etc.). In some embodiments, the implantable device 104 isan IMD that can also be configured to facilitate one or more diagnosticor treatment functions relative to the body 102 of a patient. In someembodiments, the implantable device 104 is separate from an IMD that isalso implanted within the body 102 and communicatively and/orelectrically coupled to the IMD.

Embodiments of devices, apparatus and systems herein can include one ormore machine-executable components embodied within one or more machines(e.g., embodied in one or more computer-readable storage mediaassociated with one or more machines). Such components, when executed bythe one or more machines (e.g., processors, computers, computingdevices, virtual machines, etc.) can cause the one or more machines toperform the operations described.

The implantable device 104 can be configured to perform telemetrycommunication with a variety of external device types, including, butnot limited to, a tablet computer associated with a patient or aclinician, a smartphone associated with a patient or a clinician, amedical device associated with a patient or a clinician, an electronicdevice at a home of a patient or at an office of a clinician, anoff-the-shelf device purchased at a store, etc. One or more embodimentsof medical device telemetry system 100 are described in connection withfacilitating telemetry data communication security between theimplantable device 104 and one or more external devices (e.g., cliniciandevice 116), and more particularly, to facilitating heightened securityassociated with data communication between the implantable device 104and clinician device 116 in association with performance of a cliniciantelemetry session. The term “clinician telemetry session” is used hereinto refer to a defined type of authorized data communication between theimplantable device 104 and an external device that is associated withheightened sensitivity relative to other types of authorized datacommunication between the implantable device 104 and an external device.For example, a clinician telemetry session can involve transmission ofprogramming data from the external device to the implantable device 104,transmission of sensitive personal information associated with a patienthaving the implantable device 104 from the implantable device 104 to theexternal device, or the performance of high power consuming datacommunication between the implantable device 104 and the externaldevice.

The term “clinician device” is used herein to refer to an externaldevice (e.g., clinician device 116) that is authorized to establish andperform a clinician telemetry session with the implantable device 104.In an exemplary embodiment, the clinician device 116 includes a devicethat is configured for operation by a clinician 118 of the patient in anin-office or in-person setting in association with performance of aclinician telemetry session with the implantable device 104. However, itshould be appreciated that the clinician device 116 can be configured tocommunicate various types of data with the implantable device 104 (andvice versa) in various contexts and using various telemetrycommunication techniques.

The type of information communicated between the implantable device 104and an external device (such as clinician device 116 and other externaldevices) can vary. For example, using wireless telemetry, theimplantable device 104 can transmit information to an external device.The information can include, but is not limited to, sensed physiologicalor biometric data from the body 102, diagnostic determinations madebased on the sensed physiological or biometric data, therapy dataassociated with a therapy delivered to the body and/or performance dataregarding operation and performance of the implantable device 104 (e.g.,power level information, information regarding strengths of signalsreceived, information regarding frequency of received interrogationrequests, remaining battery life, etc.). In some implementations, theimplantable device 104 is an IMD configured to sense the physiologicaldata or the biometric data from the body 102. The IMD can also providetherapy to the body 102 and retain the therapy information regarding thetherapy that was provided. In other implementations, the implantabledevice 104 is associated with an IMD configured to sense thephysiological or biometric data or provide the therapy to the body 102.In another example, an external device can employ telemetrycommunication to read data captured by the implantable device 104. Forinstance, the clinician device 116 can read electrogram data captured bythe implantable device 104 or other physiological or biometric datasensed by the implantable device 104. In another example, using wirelesstelemetry, an external device (e.g., clinician device 116) can sendinformation or signals to the implantable device 104 to program theimplantable device 104 or to configure or re-configure the implantabledevice 104.

The nature, purpose and type of information communicated between theimplantable device 104 and an external device can vary depending on theparticular external device with which the implantable device iscommunicating. For example, the implantable device 104 can be configuredto communicate different types of information with different types ofexternal devices, such as a clinician device (e.g., clinician device116) and a device configured to perform remote monitoring functionsassociated with the implantable device 104, which is referred to hereinas a “monitoring device.” The different types of information can beassociated with different levels of sensitivity or invasiveness anddifferent amounts of power consumption by the implantable device 104.For example, data communication between the implantable device 104 and amonitoring device can be more restrictive (e.g., read only) than datacommunication between the implantable device 104 and a clinician device(e.g., read and program). In another example, live or real-time datatransmission by the implantable device 104, which is associated withhigh power consumption by the implantable device 104, can be enabled forperformance between the implantable device 104 and a clinician deviceand disabled for performance between the implantable device 104 and amonitoring device.

As used herein, telemetry data communication between the implantabledevice 104 and a monitoring device (not shown) is referred to as a“monitoring telemetry session.” For example, a monitoring telemetrysession can be employed between the implantable device 104 and amonitoring device to communicate data captured and/or monitored by theimplantable device 104 over the lifetime of the implantable device 104to a monitoring device that is near the implantable device 104 (e.g.,within a few feet or within the same room). For example, the implantabledevice 104 can be configured to capture (periodically, randomly orotherwise) physiological information about the body 102 and transmit thephysiological information to a monitoring device (not shown). Themonitoring device can include a device associated with the patienthaving the implantable device, such as smartphone or a tablet, that iscarried by the patient or otherwise located within wireless transmissionrange of the implantable device on a regular basis (e.g., throughout theday, while the patient is home, while the patient is sleeping, etc.).The implantable device 104 can be configured to establish a monitoringtelemetry session periodically and/or based on one or more conditions(e.g., once a day, a few times a day, once an hour, in response todetection of specific triggering physiological information, etc.).Telemetry communication between the implantable device 104 and themonitoring device during a monitoring telemetry session cansubstantially involve one-way communications transmitted from theimplantable device 104 to the monitoring device. In manyimplementations, telemetry communication during a monitoring telemetrysession involves little or no reception of programming or configurationor re-configuration information by the implantable device 104 from themonitoring device.

The information received by the monitoring device from the implantabledevice 104 can facilitate monitoring the health of the patient overtime. In some embodiments, the information can be processed by themonitoring device. In other embodiments, the information received by themonitoring device can be relayed to a server device (not shown) forprocessing and monitoring the health of the patient. Further, in someembodiments, a server device can provide security measures to establishand perform a monitoring session between a monitoring device and animplantable device 104. For example, the server device can be associatedwith a patient healthcare monitoring system and network that providesthe monitoring device and the implantable device 104 with theauthorization and authentication information for establishing amonitoring session. In some implementations, the server device canfacilitate paring a monitoring device with an implantable device 104using the authorization and authentication information in associationwith performance of monitoring sessions there between.

On the contrary, in various embodiments, the implantable device 104 andthe clinician device 116 can be configured to perform a cliniciantelemetry session that involves a greater amount of data exchange, aswell as the exchange of on-demand or real-time data or data consideredsensitive or invasive relative to that associated with a remotemonitoring telemetry session or another type of telemetry session. Inone or more implementations, the clinician telemetry session canfacilitate rapid one-way or two-way communication between theimplantable device 104 and the clinician device 116. For example, aclinician telemetry session can be initiated by a clinician 118 (e.g., adoctor, a nurse, a medical technician, a caregiver, a mother, etc.)authorized to care for the patient implanted with the implantable device104 using the clinician device 116. The clinician telemetry session canbe employed during interaction between the patient and the patient'sclinician 118, such as during scheduled office visits, during routinecheck-ups, or during emergency situations. Using the clinician device116, the clinician 118 can employ a clinician telemetry session with theimplantable device 104 to program or re-program an operating parameterof the implantable device 104, command the implantable device 104 toapply a therapy to the body 102, send the clinician device 116 specificdata captured by the implantable device 104 in real-time, send theclinician device 116 specific data associated with the implantabledevice 104 that is only authorized for clinician use, and the like. Inaddition, unlike a monitoring telemetry session wherein the implantabledevice 104 can be paired with a monitoring device based on securityinformation provided to the respective devices by a remote serverdevice, in many embodiments, the server device may not enable pairingbetween an implantable device 104 and a clinician device 116 inassociation with establishing a clinician telemetry session.Accordingly, additional security mechanisms can be employed to ensure aclinician telemetry session is authorized in response to a cliniciandevice 116 attempting to establish a clinician session with animplantable device 104.

Given the different levels of sensitivity of information communicatedbetween the implantable device 104 and the clinician device 116 relativeto information communicated between the implantable device and otherdevices (e.g., a monitoring device or another external device), theimplantable device 104 and the clinician device 116 can employ a morerobust security mechanism for ensuring or increasing the likelihood thatonly an authorized clinician device can establish a clinician telemetrysession with the implantable device 104. In various embodiments, theimplantable device 104 and the clinician device 116 are configured toemploy at least two different types of telemetry communication protocolsto facilitate the higher level security associated with establishing andperforming a clinician telemetry session relative to a level of securityassociated with establishing and performing a different type oftelemetry communication, such as a monitoring telemetry session. Inparticular, the implantable device 104 and the clinician device 116 canbe configured to employ a first telemetry communication protocol toexchange device identification information and security informationrequired for establishing and performing a clinician telemetry sessionusing a second telemetry communication protocol.

In one more embodiments, at least one of the telemetry communicationprotocols employed by the implantable device 104 and the cliniciandevice 116 includes a proprietary or non-proprietary radio frequency(RF)-based communication protocol. By way of example, but notlimitation, the RF-based communication protocol can include, but is notlimited to, BLUETOOTH®, BLE, near field communication (NFC), WirelessFidelity (Wi-Fi) protocol, ZIGBEE®, RF4CE, WirelessHART, 6LoWPAN,Z-Wave, ANT, and the like.

The implantable device 104 and the clinician device 116 can alsocommunicate using proprietary or non-proprietary communication protocolsthat involve non-RF-based wireless communication protocols. For example,in one or more embodiments, the implantable device 104 and the cliniciandevice 116 are configured to communicate using an electromagneticinduction-based wireless communication technology. Inductive telemetryuses the mutual inductance established between two closely-placed coils.This type of telemetry is referred to as “inductive telemetry” or“near-field telemetry” because the coils must typically be closelysituated for obtaining inductively coupled communication. An exampleinductive wireless communication technology utilizes an inductive coilin a first device (e.g., the clinician device 116) which, if energizedby an external voltage source, produces an inductive field that can beused to transmit communications signals and/or charging signals to asecond device (e.g., the implantable device 104). The proximitytypically involved with using the inductive telemetry technology canprovide enhanced security and allow active IMDs to transmit data andaccept data from a device external to the body of the patient. In otherembodiments, the implantable device 104, the clinician device 116 and/orthe remote can employ infrared (IR)-based communication technologies,ultrasonic based communication technologies, or microwave basedcommunication technologies.

In accordance with one or more embodiments, the first telemetrycommunication protocol employed by the implantable device 104 and theclinician device 116 to exchange the device identification informationand the security information employed for establishing and conducting aclinician telemetry session can be associated with a higher level ofsecurity relative to the second telemetry communication protocolemployed to establish and conduct the clinician telemetry session caninclude a non-proprietary telemetry communication protocol. For example,in some implementations the first telemetry communication protocol caninclude a proprietary telemetry communication protocol, and the secondtelemetry communication protocol can include a non-proprietary telemetrycommunication protocol. In another example, the first telemetrycommunication protocol can limit wireless data communication to ashorter distance (e.g., less than three meters) relative to the distanceassociated with data communication via the second telemetrycommunication protocol (e.g., less than 100 meters). As a result, theimplantable device 104 and the clinician device 116 would typically needto be closer to one another in order to communicate using the firsttelemetry communication protocol relative to the distance between theimplantable device 104 and the clinician device 116 if communicatingusing the second telemetry communication protocol.

In another embodiment, the first telemetry communication protocol caninclude a non-RF based telemetry communication protocol and the secondtelemetry communication protocol can include a RF-based telemetrycommunication protocol. For example, the first telemetry communicationprotocol can include an induction-based protocol, an acoustic-basedtelemetry protocol, or an infrared-based protocol, and the secondtelemetry communication protocol can include a BLE protocol, a NFCprotocol, a Wi-Fi protocol, etc.

In other embodiments, the first telemetry communication protocol caninclude a first RF-based telemetry communication protocol and the secondtelemetry communication protocol can include a second RF-based telemetrycommunication protocol. For example, the first telemetry communicationprotocol can include a NFC protocol, and the second telemetrycommunication protocol can include a BLE protocol. In another example,the first telemetry communication protocol can include aBLUETOOTH®-based protocol involving a first set of defined communicationparameters, and the second telemetry communication protocol can includea BLUETOOTH®-based protocol involving a second set of definedcommunication parameters.

For exemplary purposes, various embodiments of medical device telemetrysystem 100 and associated apparatuses, methods, and computer-readablemediums described herein are exemplified wherein the implantable device104 and the clinician device 116 employ an induction-based telemetrycommunication as the first telemetry communication approach and BLEcommunication as a second telemetry communication approach. There is adesire to use commercially available or non-proprietary telemetrycommunication protocols such as BLE for wireless communication betweenimplantable devices and external devices (e.g., implantable device 104and clinician device 116) to more easily facilitate widespreadprovisioning of telemetry solutions. For example, many modern mobiledevices such as smartphones, tablets, personal computers (PCs) and thelike are configured to communicate using various publicly availabletelemetry protocols. However, as commercially available telemetryprotocols (e.g., BLE) are employed to perform telemetry with animplantable device, the knowledge of how to initiate and conduct atelemetry session with the implantable device can become publiclyavailable. For example, in an embodiment in which BLE is employed by theimplantable device 104 to perform telemetry, an unauthorized device maydetect an advertisement signal transmitted by the implantable device andattempt to establish a telemetry session with the implantable device.Accordingly, a robust security mechanism that ensures the implantabledevice 104 establishes and conducts a clinician telemetry session withonly an authorized clinician device is of increased importance when theimplantable device 104 employs a non-proprietary telemetry communicationprotocol (e.g., BLE) to perform telemetry communication.

In various embodiments, the establishment of a clinician telemetrysession between the implantable device 104 and the clinician device 116involves a primary telemetry communication exchange between theimplantable device 104 and the clinician device using the firsttelemetry communication protocol (e.g., induction-based) followed by asecondary telemetry communication exchanged between the implantabledevice 104 and the clinician device 116 using the second telemetrycommunication protocol (e.g., BLE). In one or more implementations, theprimary telemetry communication exchange can begin with a cliniciansession initiation request sent by the clinician device 116 to theimplantable device 104 using the first telemetry communication protocol(e.g., induction). The implantable device 104 can be configured tointerpret a clinician session initiation request received from aclinician device (e.g., clinician device 116) via the first telemetrycommunication protocol as a request to establish a clinician telemetrysession with the implantable device 104 using the second telemetrycommunication protocol.

The primary telemetry communication exchange can involve the exchange oftime-sensitive security information and device identificationinformation employed by the implantable device 104 and the cliniciandevice 116 to establish and conduct the requested clinician telemetrysession using the second telemetry communication protocol. In one ormore embodiments, at least a portion of the time-sensitive securityinformation can be generated by the implantable device 104 based onreception of the clinician session initiation request from the cliniciandevice 116 via the first telemetry communication protocol. In otherembodiments, at least a portion of the time-sensitive securityinformation can be provided by the clinician device 116 to theimplantable device 104 with the clinician session initiation request viathe first telemetry communication protocol. The security information canbe regarded as time-sensitive if security information is employed toestablish and conduct a currently requested clinician telemetry sessionbetween the implantable device and the clinician device that providedthe clinician session initiation request using the first telemetrycommunication protocol. For example, after the currently requestedclinician telemetry session is established between the implantabledevice 104 and the clinician device 116 using the security informationis closed, the implantable device 104 can be configured to clear thesecurity information from memory, delete the security information, orotherwise render the security information as expired or unusable in alater telemetry communication session between the implantable device 104and the clinician device 116 or another external device (not shown). Inaddition, if the implantable device 104 and the clinician device 116fail to establish the requested clinician telemetry session using thesecurity information within a defined window of time (e.g., theadvertisement period) following transmission of the clinician sessioninitiation request by the clinician device 116 or reception of theclinician session initiation request by the implantable device 104, theimplantable device 104 can be configured to clear the securityinformation from memory (e.g., deletes or otherwise treats as expired orunusable). As a result, in order for the same clinician device (e.g.,clinician device 116) or a new clinician device to establish a newclinician telemetry session with the implantable device 104, in someembodiments, the methodology described herein can require the cliniciandevice 116 or the new clinician device to send a new clinician sessioninitiation request to the implantable device 104 using the firsttelemetry communication protocol, thus prompting the implantable device104 to generate new security information to be employed for establishingand conducting the new clinician telemetry session.

In one or more implementations, the time-sensitive security informationincludes an identifier for the clinician device 116, a unique sessionidentifier, and one or more unique session encryption keys. Theidentifier for the clinician device 116 can include a radio frequencymodule (RFM) address of the RF communication components, a media accesscontrol (MAC) address, a universal unique identifier (UUID), or anotherunique value, symbol or character combination that identifies theclinician device 116. The session identifier can include a dynamicallygenerated unique identifier that is associated with the implantabledevice 104 and the currently requested clinician session. Thetime-sensitive security information can also include one or more uniquesession keys. The one or more unique session keys can be employed by theimplantable device 104 and the clinician device 116 to encrypt anddecrypt information communicated between the respective devices duringthe clinician telemetry session. In one implementation, the one or moreunique session keys includes a unique link layer encryption key (e.g., a128 bit link layer encryption key). In another implementation, the oneor more unique session keys can include a unique application layerencryption key (e.g., a 128 bit application layer encryption key). Stillin other implementations, the one or more unique session keys caninclude a third encryption key, a fourth encryption key, etc. In someimplementations, the implantable device 104 and the clinician device 116can be configured to employ specific keys or combinations of differentkeys to encrypt and decrypt defined types of data in association withperformance of the clinician telemetry session. For example, theimplantable device 104 and the clinician device 116 can be configured toencrypt and/or decrypt a first type of data using the link layerencryption key and the application layer key, and encrypt and/or decrypta second type of data (e.g., waveform data) using only the link layerencryption key.

In various embodiments, the implantable device 104 can be configured togenerate the security information based in part on reception of theclinician session initiation request from the clinician device 116 viathe first telemetry communication protocol. For example, based onreception of the clinician session initiation request, the implantabledevice 104 can be configured to generate a unique session identifier,such as a UUID including random numbers, or another unique identifier.In one or more embodiments, the identifier for the clinician device 116for establishment of the requested clinician telemetry session with theimplantable device 104 is included in the clinician session initiationrequest sent by the clinician device 116 to the implantable device 104.For example, the clinician session initiation request can include a RFMaddress associated with the clinician device, a MAC address associatedwith the clinician device 116, or another unique identifier for theclinician device 116. The implantable device 104 can also be configuredto generate the one or more unique session keys based on reception ofthe clinician session initiation request from the clinician device 116.

According to these embodiments, in association with the primary dataexchange using the first telemetry communication protocol, theimplantable device 104 can be further configured to send the dynamicallygenerated time-sensitive security information to the clinician device116 using the first telemetry communication protocol. For example, in anembodiment in which the first telemetry communication protocol includesan induction-based protocol, the implantable device 104 can beconfigured to transmit the security information (e.g., the dynamicallygenerated unique session identifier and the one or more unique sessionkeys) to the clinician device 116 using an induction-based telemetrycommunication signal.

In various additional embodiments, the clinician device 116 can beconfigured to send the security information to the implantable device104 using the first telemetry communication protocol in association withthe clinician session initiation request. For example, in someimplementations, the clinician device 116 can generate a unique sessionidentifier and one or more unique session keys. In otherimplementations, another device (e.g., a remote server device (notshown)) can provide the clinician device 116 with the unique sessionidentifier and the one or more unique session keys based on a requestfor the security information provided by the clinician device 116 to theother device. The clinician device 116 can also include the uniquesession identifier and the one or more session keys along with theclinician device identifier in the clinician session initiation request.

Still in other embodiments, a portion of the security informationemployed to establish and conduct a requested clinician telemetrysession can be provided by the clinician device 116 and another portionof the security information can be provided by the implantable device104. For example, the clinician device 116 can be configured to generatea unique session identifier and include the unique session identifier ina clinician session initiation request along with the clinician deviceidentifier. The clinician device can send the clinician sessioninitiation request to the implantable device 104 using the firsttelemetry communication protocol. Based on reception of the cliniciansession initiation request, the implantable device 104 can generate theone or more unique session keys and send the one or more unique sessionkeys back to the clinician device 116 using the first telemetrycommunication protocol.

By employing a first telemetry communication protocol to exchange thesecurity information employed to establish a clinician telemetry sessionthat is considered more secure than the second telemetry communicationprotocol employed to conduct the clinician telemetry session, theability for a non-authorized external device to establish and conduct aclinician telemetry session with the implantable device 104 issignificantly impeded. For example, when the first telemetrycommunication protocol includes a proprietary telemetry communicationprotocol, in some embodiments, only those external devices configured tooperate using the proprietary telemetry communication protocol will beable to establish and conduct a clinician telemetry session with theimplantable device. In another example, when the first telemetrycommunication protocol includes an induction-based telemetrycommunication protocol, the inherent proximity for the external deviceto be located relative to the implantable device 104 (e.g., less thanone meter) to use the inductive telemetry protocol provides an enhancedlevel of security. In addition, because the implantable device 104and/or the clinician device 116 can be configured to generate thesecurity information employed to establish and conduct a requestedclinician telemetry session (e.g., the unique identifier for theimplantable device 104 and the one or more unique encryption keys) inassociation with a clinician session initiation request provided by therequesting clinician device (e.g., clinician device 116), the securityinformation is not previously known or available to either device,including the implantable device 104 and the requesting cliniciandevice. The security information can be time-sensitive and limited forusage to establish and conduct only the currently requested cliniciantelemetry session. Thus the ability for a non-authorized external deviceto inadvertently or maliciously receive the security informationemployed to establish and perform a clinician telemetry session with theimplantable device 104 is significantly minimized.

Based on the implantable device 104 and the clinician device 116 havingexchanged the identification information and the security informationusing the first telemetry communication protocol (e.g., the primarytelemetry communication exchange), in one or more embodiments, theimplantable device 104 and the clinician device 116 can perform thesecondary telemetry communication exchange using the second telemetrycommunication protocol. As noted above, the secondary telemetrycommunication exchange can involve establishing the clinician telemetrysession between the implantable device 104 and the clinician device 116using the second telemetry communication protocol and the deviceidentification information and the security information provided duringthe primary telemetry communication exchange.

In one or more embodiments, the implantable device 104 can be configuredto initiate telemetry communication by the implantable device using thesecond telemetry communication protocol (e.g., BLE) based ontransmission of the security information (e.g., the unique sessionidentifier and the one or more unique session keys) to the cliniciandevice 116 via the first telemetry communication protocol. For example,the implantable device 104 can activate one or more RF components of theimplantable device 104 (e.g., an RF transmitter, an RF receiver, or anRF transceiver) in accordance with a defined RF telemetry communicationprotocol employed by the implantable device 104. Likewise, the cliniciandevice 116 can be configured to initiate telemetry communication by theclinician device 116 using the second telemetry communication protocolbased on reception of the security information from the implantabledevice 104 via the first telemetry communication protocol. In otherembodiments in which the clinician device 116 includes the securityinformation with the clinician session initiation request, theimplantable device 104 can activate telemetry communication using thesecond telemetry communication protocol based on reception of theclinician session initiation request. The clinician device 116 canactivate telemetry communication using the second telemetrycommunication protocol based on transmission of the clinician sessioninitiation request.

In various implementations, in association with initiation of telemetrycommunication by the implantable device 104 using the second telemetrycommunication protocol, the implantable device 104 can begin advertisingin accordance with defined parameters for the second telemetrycommunication protocol (e.g., BLE). The term “advertising,” as usedherein, can refer to the transmission of advertisement data packets orsignals that include information indicating the implantable device 104is ready or available to communicate with an external device (e.g.,clinician device 116). The information can indicate the implantabledevice 104 is ready or available to communicate with an external deviceusing the second telemetry communication protocol (e.g., BLE). In someembodiments, an external device (e.g., clinician device 116) activelyemploying the second telemetry communication protocol can receiveadvertisement signals transmitted by the implantable device 104.Reception of an advertisement signal by an external device from theimplantable device is referred to herein as a “discovery event.”

The number, frequency and/or timing of advertisement data packets to betransmitted by the implantable device 104 while advertising inassociation with the secondary telemetry communication exchange can bedefined in the second telemetry communication protocol. In one or moreembodiments, the implantable device 104 can be configured to transmit Nadvertisement data packets every M milliseconds (ms) for a definedadvertisement period of P minutes. For example, the implantable device104 can be configured to transmit three advertisement data packets every80 ms for an advertisement period of five minutes or until a connectionis established, whichever occurs first. In one or more implementations,the implantable device 104 can be configured to include the uniquesession identifier (e.g., the implantable device 104 unique UUID) in theone or more advertisement data packets transmitted by the implantabledevice 104. In some implementations, the implantable device 104 can alsobe configured to encrypt the information included in the one or moreadvertisement data packets using an encryption key generated by theimplantable device 104 in association with the primary telemetrycommunication exchange. For example, the implantable device 104 can beconfigured to generate a link layer encryption key and employ the linklayer encryption key to encrypt the information included in the one ormore advertisement data packets.

Based on the clinician device 116 initiating telemetry communication bythe clinician device 116 using the second telemetry communicationprotocol (e.g., BLE), the clinician device 116 can scan foradvertisement data packets transmitted by the implantable device 104.For example, in one or more embodiments, the clinician device 116 can beconfigured to accept only advertisement data packets that include theunique identifier for the implantable device 104 that was provided bythe implantable device 104 to the clinician device 116 in associationwith the primary telemetry communication exchange. The clinician device116 can ignore detected or received advertisement data packets fromother external devices that do not include the unique sessionidentifier.

In various implementations, based on reception of an advertisement datapacket including the unique session identifier, the clinician device 116can generate and send a connection request back to the implantabledevice 104 using the second telemetry communication protocol. In anembodiment in which the advertisement data packet is encrypted by theimplantable device 104 using a unique encryption key (e.g., a link layerencryption key), the clinician device 116 can also decrypt the one ormore advertisement data packets received from the implantable device 104using the unique session key encryption key (e.g., which was provided bythe implantable device 104 to the clinician device 116 during theprimary telemetry communication exchange). The connection request caninclude information that requests establishment of the cliniciantelemetry session with the implantable device 104 and the uniqueidentifier for the clinician device 116 (e.g., an RFM address associatedwith the clinician device 116 that was provided by the clinician device116 to the implantable device 104 in association with the primarytelemetry communication exchange). In one or more embodiments, theclinician device 116 can be configured to encrypt the connection requestwith a unique encryption key (e.g., the link layer encryption key)received from the implantable device 104 in association with the primarytelemetry communication exchange.

The implantable device 104 can establish the requested cliniciantelemetry session with the clinician device 116 based on reception anddecryption (if applicable) of the connection request and recognition ofthe unique identifier for the clinician device 116 included in theconnection request (e.g., which was provided by the clinician device 116to the implantable device 104 in association with the primary telemetrycommunication exchange). For example, based on reception of a properlyformatted (which can involve inclusion of the clinician deviceidentifier), and/or properly encrypted, connection request from theclinician device 116, the implantable device 104 can accept theconnection request. The implantable device 104 can also send theclinician device 116 an acceptance message indicating the connectionrequest has been accepted. If this acceptance message is received by theclinician device 116, the clinician session can be considered asestablished and the clinician device 116 and the implantable device 104can begin performing data communication in accordance with definedparameters for the clinician session. In one or more embodiments inwhich the implantable device 104 is performing the subject secondarytelemetry communication exchange, the implantable device 104 can ignoreany incoming data packets (e.g., connection requests) from externaldevices other than those including the unique identifier for theclinician device 116 (e.g., the clinician device RFM address, theclinician device MAC address or the like). In various implementations,while the clinician telemetry session is established between theimplantable device 104 and the clinician device 116, the implantabledevice 104 and the clinician device 116 are configured to forgoestablishment of another telemetry session with another external deviceusing the second telemetry communication protocol.

In one or more embodiments, the implantable device 104 can restrict theduration of time after which the implantable device 104 beginsadvertising (e.g., the advertisement period) for establishment of theclinician telemetry session. For example, the implantable device 104 maynot receive a properly formatted/encrypted connection request from theclinician device 116 within the advertisement period, thereby causingthe advertisement period to expire. In another example, the implantabledevice 104 may receive a properly formatted/encrypted connection requestfrom the clinician device 116 within the advertisement period yet beunable to respond to the connection request with an acceptance messageor otherwise establish the clinician telemetry session with theclinician device 116 due to channel interference, low received signalstrength (e.g., based on separation of the implantable device 104 andthe specific clinician device beyond wireless transmission range), oranother factor. In some implementations, the advertisement periodassociated with the secondary telemetry communication exchange is set tofive minutes. However, it should be appreciated that the advertisementperiod can be any suitable length of time that facilitates establishinga clinician telemetry session with an authorized clinician device whilelimiting an amount of current drain associated with fruitlesslyadvertising.

Once established, the implantable device 104 and the clinician device116 can begin conducting or performing the clinician telemetry session.For example, the implantable device 104 can transmit requested data tothe clinician device 116 and receive data transmitted by cliniciandevice 116, and vice versa. The type of data communication performedbetween the implantable device 104 and the clinician device 116 during aclinician telemetry session can vary depending on the features andfunctionalities of the implantable device 104, the clinician device 116,and the purpose of the clinician telemetry session. In variousembodiments, the clinician telemetry session can facilitate dynamicbi-directional (e.g., one-way and two-way) communication between theimplantable device 104 and the clinician device 116. For example, theimplantable device 104 can receive one or more downlink data packetsfrom the clinician device 116 (e.g., data packets including commands orprogramming information, etc.), and process uplink data packets fortransmission to the clinician device 116 (e.g., data packets includingwaveform information). In one or more embodiments, the implantabledevice 104 and the clinician device 116 are configured to encrypt anddecrypt some or all data communicated during the clinician telemetrysession using the one or more of the session keys generated by theimplantable device 104 in association with the primary telemetrycommunication exchange (e.g., in response to reception of the cliniciansession initiation request from the clinician device 116 via the firsttelemetry communication protocol). In some implementations, theimplantable device 104 and the clinician device 116 can employ differentsession keys or combinations of session keys to encrypt and/or decryptspecific types of data. For example, the implantable device 104 can beconfigured to encrypt live or real-time data transmitted by theimplantable device 104 using a first session encryption key and encryptother data using either a second session encryption key or both thefirst and second session encryption keys.

In various embodiments, after the clinician session is completed andclosed (e.g., via a direct request to close the clinician sessionprovided from the clinician device 116 to the implantable device 104),the implantable device 104 can remove the security information employedfor the clinician session from memory or otherwise render the securityinformation unusable in a later telemetry session between theimplantable device 104 and an external device (e.g., including theclinician device previously involved in the clinician session). Forexample, the implantable device 104 can remove the unique sessionidentifier, the one or more unique session keys and the identifier forthe clinician device 116. Accordingly, in order for the clinician device116 or another clinician device to establish and conduct a new telemetrysession with the implantable device 104, the clinician device 116 or theother clinician device and the implantable device 104 can establish andexchange new security information in association with a new cliniciansession request. In some implementations, after the clinician session isclosed, the implantable device 104 can operate using a telemetrycommunication mode that employs the second telemetry communicationprotocol in a modified manner relative to the manner employed by theimplantable device 104 in association with the secondary telemetrycommunication exchange. For example, the implantable device 104 canoperate using the second telemetry communication protocol in a mannerthat reduces an amount of power consumption by the implantable device104 relative to the manner in which the implantable device 104 operatesusing the second telemetry communication protocol in association withthe secondary telemetry communication exchange. For instance, if thesecond telemetry communication protocol involves advertising (e.g.,BLE), the implantable device 104 can employ a shorter advertising period(e.g., about one second) relative to the advertising period employedduring the secondary telemetry communication exchange. In addition, theimplantable device 104 can be configured to advertise according to a lowduty cycle (e.g., once every three minutes the implantable device 104can advertise for one second). On the contrary, in association with thesecondary telemetry communication exchange, the implantable device 104can continually advertise for a defined advertisement period (e.g., fiveminutes) until the advertisement period expires or a clinician telemetrysession is established, whichever occurs first.

In another implementation, after the clinician session is closed, theimplantable device 104 can be configured to determine whether enablingand operating using the second telemetry communication protocol isnecessary, desired, or safe. For example, if the second telemetrycommunication protocol includes an RF based telemetry communicationprotocol, under certain contexts, the operating using the secondtelemetry communication protocol may be unnecessary, undesired, orunsafe. According to this implementation, if the implantable device 104determines that operating using the second telemetry communicationtechnology is unnecessary, undesired or unsafe, the implantable devicecan deactivate or disable telemetry communication by the implantabledevice 104 using the second telemetry communication protocol.

In some instances, in lieu of the clinician session being intentionallyclosed, the clinician session can be inadvertently lost. Loss of aclinician session refers to a loss in the integrity of the telemetryconnection between the implantable device 104 and the clinician device116 in association with performance of the clinician session. Forexample, loss of a clinician session can include an inability to receiveor transmit data packets by the implantable device 104 and/or theclinician device 116 in association with performance of the cliniciansession, or an inability to receive or transmit data packets with adefined level of throughput. Loss of a clinician session can be causedby various factors such as, but not limited to, channel interference,separation of the implantable device 104 and the clinician device 116beyond wireless transmission range, or another factor. In someembodiments, if the clinician session is lost, the implantable device104 can provide the clinician device 116 a short period of time tore-establish the clinician session using the current deviceidentification information and security information. For example, theimplantable device 104 can begin advertising again in the mannerperformed by the implantable device 104 in association with thesecondary telemetry communication exchange. In this scenario, theimplantable device 104 can employ the same advertisement period theimplantable device 104 is configured to employ during the secondarytelemetry communication exchange (e.g., five minutes) or a shorteradvertisement period (e.g., three minutes). If the clinician session isnot re-established within the advertisement period, the cliniciansession can be treated as closed and the implantable device 104 canreact in the manner discussed above upon the closing of a cliniciansession (e.g., the implantable device 104 can remove the securityinformation from memory or otherwise render the security informationunusable for establishment of a future clinician telemetry session).

Accordingly, in various implementations, if a clinician sessionestablished between the implantable device 104 and the clinician device116 is lost, the methodologies described herein can be such that theonly device capable of re-establishing the clinician session with theimplantable device 104 is the clinician device 116. In particular, anyother external device will not be able to establish a clinician sessionwith the implantable device 104 because no other external device willhave the security information shared between the implantable device 104and the clinician device 116 in association with the establishment ofthe clinician session during the primary telemetry communicationexchange. In some embodiments, this security information, which caninclude unique identifiers for both the clinician device 116 and theimplantable device 104 and one or more session keys, can be required toestablish the lost clinician session. For example, in order tore-establish the lost clinician session, based on reception of a newadvertisement data packet transmitted by the implantable device thatincludes the unique identifier for the implantable device 104, theclinician device 116 can send a new connection request to theimplantable device 104 and include the identifier for the cliniciandevice 116 (e.g., a RFM address associated with the clinician device116) in the new connection request. The implantable device 104 can beconfigured to only accept a new connection request from the cliniciandevice 116 and thus only accept new connection requests that include theidentifier for the clinician device 116.

Further, in various implementations, the implantable device 104 and theclinician device 116 are configured to encrypt and decrypt data packetscommunicated between one another in association with the cliniciansession using the one or more unique session keys privy to only theclinician device 116 and the implantable device 104. Accordingly, insome embodiments, no other external device can decrypt data packetsreceived from the implantable device 104 and the implantable device 104will not be able to decrypt data packets received from an externaldevice other than the clinician device 116. Additional details ofexample embodiments of the subject telemetry communication securitymeasures associated with establishing a clinician telemetry session arediscussed in greater detail infra with respect to FIGS. 2A, 2B, 3A, 3B,4, 5, 6, 7, 8, 9 and 10 .

As noted above, unlike a clinician telemetry session, in variousembodiments, the security measures associated with establishing amonitoring telemetry session can be provided by and controlled by aremote system, such as a remote medical device monitoring system thatfacilitates remotely monitoring patients having implantable devices(e.g., a system associated with managing and ensuring telemetry securityof various patients' implanted devices). For example, the remote medicaldevice monitoring system can include a remote server device thatfacilitates pairing an implantable device 104 with a particularmonitoring device by providing the respective devices with definedauthentication and authorization information that can be employed to setup and perform a remote monitoring session.

For instance, in one embodiment, prior to implantation or afterimplantation, the implantable device 104 can receive (e.g., from theremote server device) and store information identifying the one or moreexternal monitoring devices with which the implantable device 104 isauthorized to establish a monitoring session, such as unique identifiersfor the one or more external monitoring devices. The one or moreexternal monitoring devices, for example, can include a home monitoringdevice provided to the patient in association with receiving theimplantable device 104 or a smartphone or tablet device previously ownedand/or operated by the patient and later programmed to facilitate aremote monitoring functionality associated with the patient'simplantable device 104. The implantable device 104 can further beconfigured to establish a monitoring session with only those authorizedmonitoring devices. For example, the implantable device 104 can beconfigured to only establish a monitoring session based on receipt of arequest for the monitoring session. The request can be received from anauthorized monitoring device based on inclusion of the unique identifierfor the authorized monitoring device previously provided to theimplantable device 104 by the remote server device.

In another embodiment, prior to implantation or after implantation, theimplantable device 104 can receive (e.g., from the remote server device)and store information identifying a unique identifier for theimplantable device 104 and one or more unique keys to be used by theimplantable device 104 for pairing with a monitoring device. Informationidentifying the unique identifier for the implantable device 104 and theone or more unique keys can be stored at the remote sever device. Inorder to facilitate paring a monitoring device with the implantabledevice 104, the remote server device can provide the monitoring devicewith the unique identifier for the implantable device 104 and the one ormore unique keys. The monitoring device can employ this information topair with the implantable device 104. The monitoring device can also beconfigured to provide the implantable device 104 with a uniqueidentifier for the monitoring device in association with the initialpairing.

After the implantable device 104 is paired with a monitoring deviceusing the authentication and authorization information provided by theremote medical device monitoring system, the respective devices canestablish and perform monitoring sessions with limited security checks.In various embodiments, the implantable device 104 can also employ anRF-based telemetry communication protocol (e.g., BLE) to establish amonitoring session with a monitoring device. For example, theimplantable device 104 can activate one or more RF components of theimplantable device 104 (e.g., an RF transmitter, an RF receiver, or anRF transceiver) in accordance with a defined RF telemetry communicationprotocol employed by the implantable device 104 (e.g., BLE). Similar tothe mechanism employed by the implantable device 104 to establish aclinician session, the implantable device 104 can also transmit one ormore advertisement data packets according to a defined RF telemetrycommunication protocol (e.g., BLE). In some implementations, thetransmission rate of the advertisement packets sent by the implantabledevice 104 in association with establishing a monitoring session islower or slower than the transmission rate of the advertisement packetssent by the implantable device 104 in association with establishing aclinician session. For example, the transmission rate associated withestablishing a monitoring session may be about one advertisement datapacket every three minutes compared to one advertisement data packetevery one second for establishing a clinician session. The one or moreadvertisement data packets transmitted by the implantable device 104 inassociation with establishing a monitoring session can also includeinformation that uniquely identifies the implantable device 104 (e.g., aunique identifier for the implantable device 104 provided to theimplantable device 104 by the remote server device) and indicating theimplantable device 104 is ready and available to conduct a monitoringsession.

In various embodiments, a monitoring device that is paired with theimplantable device 104 can be configured to receive and recognizeadvertisement data packets sent by the implantable device 104 inassociation with establishing a monitoring session. For example, amonitoring device that is paired with the implantable device 104 canrecognize the unique identifier for the implantable device 104 includedin the advertisement packet, wherein the identifier was previouslyprovided to the monitoring device by the remote server device. Based onreception of an advertisement packet and recognition of the uniqueidentifier, the monitoring device can be configured to send a responseto the implantable device 104 requesting establishment of a monitoringsession. The response can also include information that uniquelyidentifies the monitoring device, such as a unique identifier for themonitoring device that was previously provided by the monitoring deviceto the implantable device 104 in association with pairing and/or thatwas previously provided by the remote server device to the implantabledevice 104.

The implantable device 104 can further be configured to receive aresponse to an advertisement data packet transmitted in association withestablishing a monitoring session and determine whether the response isreceived from an authorized monitoring device. For example, based onreception of an advertisement data packet including a unique identifierfor the implantable device 104 that is recognized by an authorizedmonitoring device previously paired with the implantable device 104, theauthorized monitoring device can be configured to send a response to theimplantable device 104 that requests to establish a monitoring session.The response can also include the unique identifier for the monitoringdevice that was previously provided to the implantable device 104. Theimplantable device 104 can further be configured to establish therequested monitoring session based on recognition of the uniqueidentifier for the monitoring device in the response. In one or moreembodiments, during the monitoring session, the implantable device 104can be configured to communicate a defined type of information with themonitoring device. For example, the implantable device 104 can send themonitoring device physiological information that the implantable device104 previously obtained about the patient. In another example, theimplantable device 104 can send the monitoring device operatingperformance information monitored by the implantable device 104.

Medical device telemetry system 100 can provide several technicalsolutions to technical drawbacks associated with existing implantabledevice telemetry systems. In particular, one or more embodiments ofmedical device telemetry system 100 can provide substantial improvementsin the field of implantable device telemetry security in associationwith usage of a non-proprietary RF-based telemetry communicationprotocol by an implantable device. One or more embodiments of thenon-proprietary telemetry communication protocol (e.g., BLE) can enablerapid (and high power consuming) bi-directional telemetry communicationwith the implantable device 104 of data considered invasive or sensitive(e.g., programming data or waveform data associated with a remoteclinician telemetry session). However, in order to ensure or increasethe likelihood that only authorized clinician devices can employ thenon-proprietary telemetry communication protocol to perform suchclinician telemetry session data communications with the implantabledevice 104, one or more embodiments of medical device telemetry system100 can employ an enhanced security mechanism that utilizes anothertelemetry communication protocol (e.g., induction) to initiate aclinician session with the implantable device 104. In addition, in someembodiments, the security mechanism involves the generation oftime-sensitive security information by the implantable device 104 at thetime of initiation of the clinician session that can only be employed toestablish and conduct the currently requested clinician session.Further, in accordance with the security mechanism, in some embodiments,the implantable device 104 will not generate the security informationunless the implantable device 104 receives a properly formattedclinician session initiation request via the other telemetrycommunication protocol.

It is to be appreciated that the implantable device 104 and theclinician device 116 can include one or more devices, transducers and/orcircuits that can facilitate telemetry communication and disablement oftelemetry communication in accordance with one or more of the telemetrycommunication technologies described above. For example, the implantabledevice 104 and the clinician device 116 can include an RF transmitterthat transforms electrical power into a signal associated withtransmitted data packets. In some embodiments, the implantable device104 and the clinician device 116 can include one or more RF devices,transducers and/or circuits that can facilitate receiving informationfrom one another or additional external devices. For example, theimplantable device 104 and the clinician device 116 can include an RFreceiver that transforms a signal into electrical power. The implantabledevice 104 and the clinician device 116 can also include hardware,software, or a combination of hardware and software that can facilitatenon-RF-based telemetry communication technologies and protocols. Forexample, the implantable device 104 and the clinician device 116 caninclude an induction antenna and associated circuitry that canfacilitate receiving and interpreting induction-based signals andgenerating and transmitting induction-based signals.

The clinician device 116 can include any suitable computing device thatcan be operated by a clinician and configured to communicate with theimplantable device 104 using a first (e.g., induction-based, NFC-based,etc.) telemetry communication protocol and a second (e.g., BLE-based)telemetry communication protocol. For example, the clinician device 116can include a smartphone, a tablet, a dedicated handheld device, awearable device, or another suitable device. In some embodiments, theclinician device 116 can include an output and/or input device such as adisplay, a speaker, a microphone, a keypad, a touch screen, etc. Inother embodiments, the clinician device 116 can be configured tocommunicate with another external device to receive input and/or renderoutput.

In various embodiments, the implantable device 104 can include anynumber of different types of implantable devices configured tocommunicate with the clinician device 116 or another external device.The particular, size, shape, placement and/or function of theimplantable device 104 may not be critical to the subject disclosure insome embodiments. In one embodiment, as mentioned, the implantabledevice 104 is or includes an IMD. For example, some example IMDs caninclude, but are not limited to, cardiac pacemakers, cardiacdefibrillators, cardiac re-synchronization devices, cardiac monitoringdevices, cardiac pressure monitoring devices, spinal stimulationdevices, neural stimulation devices, gastric stimulation devices,diabetes pumps, drug delivery devices, and/or any other medical devices.In various embodiments, however, the implantable device 104 can be orinclude any number of other types of implantable devices that are notIMDs.

For exemplary purposes, the implantable device 104 is illustrated inmedical device telemetry system 100 as an IMD implanted within the chestof a patient and configured to provide medical treatment or therapyassociated with a heart disease or condition (e.g., an implantablecardioverter-defibrillator (ICD) and/or a pacemaker). In addition to themedical treatment, the implantable device 104 can also be configured toprovide the data packetizing and communication operations describedherein. The implantable device 104 includes a housing 106 within whichelectrical components and one or more power sources are housed. Theelectrical components can be powered via the one or more power sources.A power source (not shown) can include, but is not limited to, abattery, a capacitor, a charge pump, a mechanically derived power source(e.g., microelectromechanical systems (MEMs) device), or an inductioncomponent.

The electrical components can vary depending on the particular featuresand functionality of the implantable device 104. In various embodiments,these electrical component can include, but are not limited to, one ormore processors, memories, transmitters, receivers, transceivers,sensors, sensing circuitry, therapy circuitry, antennas and othercomponents. In an embodiment, the electrical components can be formed onor within a substrate that is placed inside the housing 106. The housing106 can be formed from conductive materials, non-conductive materials ora combination thereof. For example, housing 106 can include a conductivematerial, such as metal or metal alloy, a non-conductive material suchas glass, plastic, ceramic, etc., or a combination of conductive andnon-conductive materials. In some embodiments, the housing 106 can be abiocompatible housing (e.g., a liquid crystal polymer, etc.).

In the embodiment shown, the implantable device 104 is also an IMD andfurther includes leads 110 a,b connected to the housing 106. The leads110 a,b extend into the heart and respectively include one or moreelectrodes. For example, as depicted in medical device telemetry system100, leads 110 a,b each include a respective tip electrodes 112 a,b andring electrodes 114 a,b located near a distal end of their respectiveleads 110 a,b. In embodiments in which implanted, tip electrodes 112 a,band/or ring electrodes 114 a,b are placed relative to or in a selectedtissue, muscle, nerve or other location within the body 102 of thepatient. As depicted in medical device telemetry system 100, tipelectrodes 112 a,b are extendable helically shaped electrodes tofacilitate fixation of the distal end of leads 110 a,b to the targetlocation within the body 102 of the patient. In this manner, tipelectrodes 112 a,b are formed to define a fixation mechanism. In otherembodiments, one or both of tip electrodes 112 a,b may be formed todefine fixation mechanisms of other structures. In other instances,leads 110 a,b may include a fixation mechanism separate from tipelectrodes 112 a,b. Fixation mechanisms can be any appropriate type,including a grapple mechanism, a helical or screw mechanism, adrug-coated connection mechanism in which the drug serves to reduceinfection and/or swelling of the tissue, or other attachment mechanism.

Leads 110 a,b are connected at a proximal end of the implantable device104 via connector block 108. Connector block 108 may include one or morereceptacles that interconnect with one or more connector terminalslocated on the proximal end of leads 110 a,b. Leads 110 a,b areultimately electrically connected to one or more of the electricalcomponents within housing 106. One or more conductors (not shown) extendwithin leads 110 a,b from connector block 108 along the length of thelead to engage the ring electrodes 114 a,b and tip electrodes 112 a,b,respectively. In this manner, each of tip electrodes 112 a,b and ringelectrodes 114 a,b is electrically coupled to a respective conductorwithin its associated lead bodies. For example, a first electricalconductor can extend along the length of the body of lead 110 a fromconnector block 108 and electrically couple to tip electrode 112 a and asecond electrical conductor can extend along the length of the body oflead 110 a from connector block 108 and electrically couple to ringelectrode 114 a. The respective conductors may electrically couple tocircuitry, such as a therapy module or a sensing module, of theimplantable device 104 via connections in connector block 108. In one ormore embodiments, the implantable device 104 can be configured todeliver therapy to the heart (or other location) via the electricalconductors to one or more of electrodes 112 a and 112 b and 114 a and114 b. In the case of pacing therapy, for example, therapy circuitrywithin the implantable device 104 can generate and deliver pacing pulsesvia a unipolar electrode configuration, e.g., using electrodes 112 a and112 b and a housing electrode of the implantable device 104. In otherinstances, the therapy circuitry within the implantable device 104 candeliver pacing pulses via a bipolar electrode configuration, e.g., usingelectrodes 112 a and 112 b and ring electrodes 114 a and 114 b. Thetherapy circuitry may include one or more pulse generators, capacitors,and/or other components capable of generating and/or storing energy todeliver as pacing therapy in accordance with a pacing regime storedwithin memory.

Implantable device 104 can also receive sensed electrical signals on theelectrical conductors from one or more of electrodes 112 a, 112 b and114 a, 114 b. The implantable device 104 can sense the electricalsignals using either a unipolar or bipolar electrode configuration.Sensing circuitry of the implantable device 104 may process the sensedelectrical signals and the implantable device 104 may analyze theprocessed and/or or sensed electrical signals and provide the pacing asa function of the sensed electrical signal. The sensing circuitry mayinclude one or more sense amplifiers, filters, rectifiers, thresholddetectors, comparators, analog-to-digital converters (ADCs), or otheranalog or digital components.

The configuration, features and functionality of implantable device 104are merely provided as an example. In other examples, the implantabledevice 104 can include more or fewer leads extending from the housing106. For example, the implantable device 104 can be coupled to threeleads, e.g., a third lead implanted within a left ventricle of the heartof the patient. In another example, the implantable device 104 can becoupled to a single lead that is implanted within the ventricle of theheart of the patient. In other embodiments, the lead may be anextravascular lead with the electrodes implanted subcutaneously abovethe ribcage/sternum or substernally underneath or below the sternum.Example extravascular ICDs having subcutaneous electrodes are describedin U.S. Patent Publication No. 2014/0214104 (now U.S. Pat. No.9,072,914) (Greenhut et al.) and U.S. Patent Publication No.2015/0133951 (Seifert et al.), each of which is incorporated herein inits entirety. One example extravascular ICD having substernal electrodesis described in U.S. Patent Publication No. 2014/0330327(Thompson-Nauman et al.). In some embodiments, the implantable device104 can include other leads (e.g., atrial lead and/or left ventricularlead). As such, implantable device 104 can be used for single chamber ormulti-chamber cardiac rhythm management therapy. In addition to more orfewer leads, each of the leads may include more or fewer electrodes. Ininstances in which the implantable device 104 is used for therapy otherthan pacing, (e.g., defibrillation or cardioversion), the leads caninclude elongated electrodes, which may, in some instances take the formof a coil. The therapy circuitry of the implantable device 104 cangenerate and deliver defibrillation or cardioversion shocks to the heartvia any combination of the elongated electrodes and housing electrode.The therapy circuitry may include one or more high voltage (HV) outputcapacitors and a HV charging circuit, which may include one or morecapacitors, resistors, inductors, transformers, switches, or otheranalog or digital components, and discharging circuitry to delivercardioversion or defibrillation therapy, including, for example, anH-bridge circuit. In another embodiment, the implantable device 104 caninclude leads with a plurality of ring electrodes, (e.g., as used insome implantable neurostimulators), without a tip electrode or with oneof the ring electrodes functioning as the “tip electrode.”

In another embodiment, the implantable device 104 may include no leads,as in the case of an intracardiac pacemaker or a leadless pressuresensor. In the case of an intracardiac pacemaker, the device may includea housing sized to fit wholly within the patient's heart. In oneexample, the housing may have a volume that is less than 1.5 cc and,more preferably, less than 1.0 cubic centimeter (cc). However, thehousing may be greater than or equal to 1.5 cc in other examples. Theintracardiac pacemaker includes at least two electrodes spaced apartalong the outer portion of the housing for sensing cardiac electrogramsignals and/or delivering pacing pulses. Example intracardiac pacemakersare described in commonly-assigned U.S. Patent Publication No.2012/0172690 (Anderson et al.), U.S. Patent Publication No. 2012/0172941(now U.S. Pat. No. 8,386,051) (Kenneth), and U.S. Patent Publication No.2014/0214104 (now U.S. Pat. No. 9,072,914) (Greenhut et al.), each ofwhich is incorporated herein in its entirety. In the case of a leadlesspressure sensor, the device can include a housing having a fixationmember and a pressure sensing component. One example of a leadlesspressure sensor is described in U.S. Patent Publication No. 2012/0108922(now U.S. Pat. No. 8,475,372) (Schell et al.), which is incorporatedherein in its entirety.

Clinician device 116 can include any suitable computing deviceconfigured to communicate with implantable device 104. In someembodiments, the clinician device 116 can be a remote electronic device.For example, the clinician device 116 can include, but is not limitedto, a handheld computing device, a mobile phone, a smart phone, a tabletpersonal computer (PC), a laptop computer, a desktop computer, apersonal digital assistant (PDA) and/or a wearable device. In someembodiments, the clinician device 116 can include a display that canpresent information associated with the implantable device 104. Inanother embodiment, the clinician device 116 can include an applicationand/or a program associated with the implantable device 104.

FIGS. 2A and 2B, illustrate different aspects of telemetry communicationbetween an implantable device (e.g., implantable device 104) and aclinician device (e.g., clinician device 116) in association withestablishing a secure clinician telemetry session in accordance with oneor more embodiments described herein. FIG. 2A illustrates an exampleprimary telemetry communication exchange between implantable device 104and clinician device 116 using a first telemetry communication protocolin accordance with one or more embodiments described herein. FIG. 2Billustrates an example secondary telemetry communication exchangebetween implantable device 104 and clinician device 116 using a secondtelemetry communication protocol in accordance with one or moreembodiments described herein. Repetitive description of like elementsemployed in respective embodiments described herein is omitted for sakeof brevity.

In one or more embodiments, the clinician device 116 and the implantabledevice 104 can respectively include communication components configuredto facilitate telemetry communication using at least a first telemetrycommunication protocol and a second telemetry communication protocol.For example, the clinician device 116 can include clinician device (CD)communication component 202, which can include a first clinician devicetelemetry component 204 configured to facilitate telemetry communicationusing a first telemetry communication protocol and a second cliniciandevice telemetry component 206 configured to facilitate telemetrycommunication using a second telemetry communication protocol.Similarly, the implantable device 104 can include implantable device(ID) communication component 208, which can include a first implantabledevice telemetry component 210 configured to facilitate telemetrycommunication using the first telemetry communication protocol and asecond implantable device telemetry component 212 configured tofacilitate telemetry communication using the second telemetrycommunication protocol.

In various embodiments, the clinician device communication component202, the first clinician device telemetry component 204, and secondclinician device telemetry component 206 can provide the same or similarfeatures and functionalities as the corresponding components of theimplantable device 104: the implantable device communication component208, the first implantable device telemetry component 210 and the secondimplantable device telemetry component 212, respectively. Accordingly,in some embodiments, the description of the features and functionalitiesof the clinician device communication component 202, the first cliniciandevice telemetry component 204, and second clinician device telemetrycomponent 206 are applicable to the implantable device communicationcomponent 208, the first implantable device telemetry component 210 andthe second implantable device telemetry component 212, respectively (andvice versa).

The clinician device communication component 202 and the implantabledevice communication component 208 can facilitate telemetrycommunication between the clinician device 116 and the implantabledevice 104 using one or more networks (not shown) and/or wired orwireless communication protocols. In some implementations, the cliniciandevice communication component 202 can also facilitate communicationbetween the clinician device 116 and one or more other external devices(in addition to the implantable device 104) using a variety of networks(not shown) and/or wired or wireless communication protocols. Likewise,the implantable device communication component 208 can facilitatetelemetry communication between the implantable device 104 and one ormore other external devices (e.g., in addition to the clinician device116) using a variety of networks (not shown) and/or wired or wirelesscommunication protocols. For example, in one or more embodiments, theclinician device communication component 202 and the implantable devicecommunication component 208 can communicate with one another or otherdevices using NFC, or another type of communication protocol over a PANor a LAN, (e.g., a Wi-Fi network) that can provide communication overgreater distances than distances for the NFC protocol or that canaccomplish one or more aspects described herein (such as increasedsecurity).

In some embodiments, the clinician device communication component 202and the implantable device communication component 208 can controltransmission and reception of one or more data packets via acommunication channel associated with a communication protocol utilizinglower energy consumption than a conventional communication protocol forwirelessly transmitting data. For example, in a non-limiting example,the clinician device communication component 202 and the implantabledevice communication component 208 can control transmission andreception of data packets using the BLE protocol. Other communicationprotocols that can be employed by the clinician device communicationcomponent 202 and the implantable device communication component 208 caninclude, but are not limited to, other BLUETOOTH® communicationprotocols, a Session Initiation Protocol (SIP) based protocol, a ZIGBEE®protocol, a RF4CE protocol, a WirelessHART protocol, a 6LoWPAN (IPv6over Low power Wireless Personal Area Networks) protocol, a Z-Waveprotocol, an ANT protocol, an ultra-wideband (UWB) standard protocol, anRF communication protocol, and/or other proprietary and non-proprietarycommunication protocols.

In one or more embodiments, the first clinician device telemetrycomponent 204 and the first implantable device telemetry component 210can include hardware, software, or a combination of hardware andsoftware configured to facilitate telemetry communication using a firsttelemetry communication protocol (e.g., a transmitter, receiver,antenna, processor or other components employed to carry out telemetrycommunication using the first telemetry communication protocol). Inaddition, the second clinician device telemetry component 206 and thesecond implantable device telemetry component 212 can include hardware,software, or a combination of hardware and software employed tofacilitate telemetry communication using a second telemetrycommunication protocol (e.g., a transmitter, receiver, antenna,processor or other components employed to carry out telemetrycommunication using the second telemetry communication protocol).

As described supra, the first telemetry communication protocol caninclude a telemetry communication protocol that is considered moresecure than the secondary telemetry communication protocol. For example,the first telemetry communication protocol can be associated with ashorter wireless transmission range relative to the wirelesstransmission range of the second telemetry communication protocol.According to this example, the first telemetry communication protocolcan facilitate telemetry communication between devices separated byabout one meter or less while the second telemetry communicationprotocol can facilitate telemetry communication between devicesseparated by greater than one meter, and more typically over a range ofabout three to twenty meters. In another example the first telemetrycommunication protocol can include a proprietary telemetry communicationprotocol and the second telemetry communication protocol can include anon-proprietary telemetry communication protocol.

In one or more embodiments, the first telemetry communication protocolincludes a non-RF-based telemetry communication protocol, such as amagnetic induction-based telemetry communication protocol, and thesecond telemetry communication protocol includes a near-field RF-basedtelemetry communication/technology, such as BLE or the like. Accordingto these embodiments, the first clinician device telemetry component 204and the first implantable device telemetry component 210 canrespectively include an induction antenna or coil and repeaterconfigured to generate and receive electromagnetic induction signals inassociation with the primary telemetry communication exchange betweenthe clinician device 116 and the implantable device 104. For example, aninduction antenna or coil and repeater associated with the firstclinician device telemetry component 204 can generate and transmit aninduction signal that corresponds to a clinician session initiationrequest and includes information identifying the clinician device 116(e.g., an RFM address of the clinician device 116). In some embodiments,the clinician session initiation request can also include a portion orall of the unique security information (e.g., a unique sessionidentifier and/or one or more unique session keys) employed to establishand conduct the clinician session. An induction antenna or coil andrepeater associated with the first implantable device telemetrycomponent 210 can receive and interpret the clinician session initiationrequest induction signal. The induction antenna or coil and repeaterassociated with the first implantable device telemetry component 210 canalso generate and send an electromagnetic induction signal to theexternal clinician device that provides a response to the cliniciansession initiation request. For example, in some embodiments, theresponse can include all or a portion of the unique security informationgenerated by the implantable device 104 (e.g., a UUID and one or moreunique session keys).

Likewise, the second clinician device telemetry component 206 and thesecond implantable device telemetry component 212 can respectivelyinclude one or more RF components configured to generate, receive, andinterpret RF signals using a BLE protocol. For example, the secondclinician device telemetry component 206 and the second implantabledevice telemetry component 212 can control operation of an RFtransceiver and RF repeater of the clinician device 116 and theimplantable device 104, respectively, and control transmission andreception of one or more RF data packets by the clinician device 116 andthe implantable device 104 in association with performance of BLEtelemetry communication between the respective devices (e.g., duringperformance of the secondary telemetry communication exchange and theclinician session). In some embodiments, as an alternative or inaddition to including a transceiver, the second clinician devicetelemetry component 206 and the second implantable device telemetrycomponent 212 can include a transmitter and a receiver that do not sharecommon circuitry.

In some implementations, the second clinician device telemetry component206 and the second implantable device telemetry component 212 caninclude or be associated with existing RF modules or components of theclinician device 116 and the implantable device 104, respectively. Forexample, the clinician device 116 and/or the implantable device 104 caninclude RF modules or components that are employed by the respectivedevices to perform telemetry communications that are not associated withperformance of a clinician session between the clinician device 116 andthe implantable device 104. For instance, the clinician device 116 caninclude a computing device (e.g., a tablet, a smartphone, etc.), thathas been configured to perform clinician device applications in additionto various other unrelated computing applications. According to theseembodiments, the second clinician device telemetry component 206 and thesecond implantable device telemetry component 212 can respectivelyinclude software configured to control operation of the existing RFmodules or components of the clinician device 116 and the implantabledevice 104, respectively, to perform defined BLE operations associatedwith establishing and performing a clinician session. The secondclinician device telemetry component 206 and the second implantabledevice telemetry component 212 can also receive information uniquelyidentifying the existing RF modules or components of the respectivedevices (e.g., RFM addresses) prior to performance of the operationsassociated with establishing and performing a clinician session (e.g.,in association with configuring of the respective devices to haveclinician session applications).

As shown in FIG. 2A, the clinician device 116 and the implantable device104 can respectively activate and employ the first clinician devicetelemetry component 204 and the first implantable device telemetrycomponent 210 in association with performance of the primary telemetrycommunication exchange. For example, during the primary telemetrycommunication exchange, the clinician device 116 can activate and employthe first clinician device telemetry component 204 to generate and senda clinician session initiation request message to the implantable device104 (e.g., via a first electromagnetic induction signal). Theimplantable device 104 can activate and employ the first implantabledevice telemetry component 210 to receive and interpret the cliniciansession initiation signal and to generate and send a response message tothe clinician session initiation signal (e.g., via a secondelectromagnetic induction signal). For example, the response message caninclude all or a portion of the unique security information (e.g., theunique session identifier and one or more unique session keys) generatedby the implantable device 104 based on reception of the cliniciansession initiation request. The clinician device 116 can furtherinterpret the received response message via the first clinician devicetelemetry component 204.

As shown in FIG. 2B, the clinician device 116 and the implantable device104 can respectively activate and employ the second clinician devicetelemetry component 206 and the second implantable device telemetrycomponent 212 in association with performance of the secondary telemetrycommunication exchange. For example, based on reception of the cliniciansession response message or transmission of a clinician sessioninitiation request including the security information, the cliniciandevice 116 can direct the clinician device communication component 202to transition from communicating with the implantable device 104 usingthe first clinician device telemetry component 204 to using the secondclinician device telemetry component 206. According to this example,using the second clinician device telemetry component 206, the cliniciandevice 116 can detect one or more advertisement data packets transmittedby the implantable device 104. Similarly, based on transmission of theclinician session response message or based on reception of a cliniciansession initiation request including the security information, theimplantable device 104 can direct the implantable device communicationcomponent 208 to begin transmitting the one or more advertisement datapackets including the unique session identifier using the secondimplantable device telemetry component 212.

In addition, based on reception of one or more of the advertisement datapackets by the second clinician device telemetry component 206, theclinician device 116 can activate and employ the second clinician devicetelemetry component 206 to generate and send a connection request to theimplantable device 104 and to receive a connection request acceptancemessage from the implantable device 104. Likewise, the implantabledevice 104 can activate and employ the second implantable devicetelemetry component 212 to receive the connection request and generateand send the connection request acceptance message to the cliniciandevice 116 (e.g., based on a determination that the connection requestwas provided by the clinician device 116 based on inclusion of theclinician device identifier in the connection request and/or based on anability of the implantable device 104 to decrypt the connection requestusing one or more of the unique session keys).

FIG. 3A illustrates a non-limiting signaling diagram of a signalingmethod 300 facilitating establishment of a secure clinician telemetrysession between an implantable device (e.g., implantable device 104) anda clinician device (e.g., clinician device 116) in accordance with oneor more embodiments described herein. Repetitive description of likeelements employed in other embodiments described herein is omitted forsake of brevity.

With reference to FIGS. 1, 2A, 2B and 3A, signaling method 300 includesa flow of signaling commands or messages that can be communicatedbetween the clinician 118, the clinician device 116, the cliniciandevice communication component 202, and the implantable device 104 inassociation with establishing a clinician session in accordance with oneor more embodiments described herein. In the embodiment shown, theclinician device communication component 202 is separated from theclinician device 116 to indicate that the clinician device communicationcomponent 202 includes one or more hardware components associated withtelemetry communication by the clinician device 116 that may not bededicated to the clinician session functionality of the clinician device116. For example, the clinician device communication component 202 caninclude an RF module employed by the clinician device 116 when operatingin capacities other than a clinician device (e.g., a cellular phone, apersonal computing device, etc.). In this embodiment, the cliniciandevice communication component 202 can include magnetic inductiontelemetry hardware components and associated circuitry as well as RFtelemetry hardware components and associated circuitry that are includedon or within the clinician device 116. At least some of the processingfunctionality associated with generating and interpreting signalstransmitted or received by the clinician device communication component202 in association with establishing and performing a clinician sessioncan be distributed to one or more dedicated clinician components of theclinician device 116.

At 301, the clinician 118 (e.g., a caregiver or entity that operates theclinician device 116) provides an open session initiation request to theclinician device 116. For example, using a clinician session applicationprovided on the clinician device 116, the clinician 118 can provideinput selecting an “open clinician session” feature provided by theapplication. Based on reception of the open session clinician request,at 302 the clinician device 116 can send the clinician devicecommunication component 202 an implantable device identifier (ID)request, and at 303, the clinician device communication component 202generates and sends the implantable device ID request to the implantabledevice 104 using the first telemetry communication protocol (e.g., viathe first clinician device telemetry component 204). In one or moreimplementations of signaling method 300, the first telemetrycommunication protocol includes an electromagnetic induction-basedtelemetry communication protocol. This implantable device ID request canbe employed to inform the clinician device 116 about the particularimplantable device with which the clinician device is about tocommunicate. In particular, an implantable device implanted within apatient can be associated with a unique ID and submodel ID. The model IDand submodel ID for the implantable device 104 can be associated withinformation accessible to the clinician device 116 that describescharacteristics of the implantable device 104, such as the type of theimplantable device 104, the capabilities of the implantable device 104,patient information about the patient implanted with the implantabledevice 104, etc. At 304, the implantable device 104 can transmit aresponse to the implantable device ID request using the first telemetrycommunication protocol and sends the clinician device communicationcomponent 202 the model ID and submodel ID for the implantable device104. At 305, the clinician device communication component 202 canprovide the model ID and submodel ID for the implantable device 104 tothe clinician device 116.

At 306, the clinician device 116 can provide a clinician sessioninitiation request to the clinician device communication component 202.The clinician session initiation request can include a unique identifierfor the clinician device 116 (e.g., the RFM address for the cliniciandevice 116) and can request security information for the cliniciansession from the implantable device 104. At 307, the clinician devicecommunication component 202 can generate and send the clinician sessioninitiation request to the implantable device 104 using the firsttelemetry communication protocol. Based on reception of the cliniciansession initiation request and inclusion of the clinician deviceidentifier in the clinician session initiation request, the implantabledevice 104 can generate the requested security information. For example,the implantable device 104 can generate a unique session identifier(e.g., a UUID) and one or more unique session keys. In the embodimentshown, the implantable device 104 can generate a unique link key and/ora unique application key.

At 308, the implantable device 104 can provide the unique link key tothe clinician device communication component 202 using the firsttelemetry communication protocol. At 309, the implantable device 104 canprovide the unique session identifier and/or the unique application keyto the clinician device communication component 202 using the firsttelemetry communication protocol. At 310, the clinician devicecommunication component 202 can provide the unique session identifierand/or the unique application key to the clinician device 116. At thispoint, the implantable device 104 and the clinician device 116 havecompleted the primary telemetry communication exchange and may begin thesecondary telemetry communication exchange.

In accordance with the secondary telemetry communication exchange, at311, the clinician device 116 can provide a request to the cliniciandevice communication component 202 requesting initiation of telemetrycommunication using the second telemetry communication protocol. In theembodiment shown, the second telemetry communication protocol includes aRF-based telemetry communication protocol (e.g., BLE). Accordingly, therequest at 311 can be identified as a request for RF mode operation bythe clinician device communication component 202. At 312, the cliniciandevice communication component 202 can transition from operating usingthe first telemetry communication protocol to operating using the secondtelemetry communication protocol and inform the clinician device 116that the clinician device communication component 202 has initiatedoperation of the implantable device using the RF mode (e.g., BLE) via anRF mode ready message.

Also in accordance with the secondary telemetry communication exchange,the implantable device 104 can begin transmitting one or moreadvertisement data packets using the second telemetry communicationprotocol. The one or more advertisement data packets can include theunique session identifier generated by the implantable device 104 inassociation with the primary telemetry communication exchange. Forexample, at 313, the implantable device 104 can send an advertisementpacket including the unique session identifier to the clinician devicecommunication component 202. At 314, the clinician device communicationcomponent 202 can provide the advertisement packet to the cliniciandevice 116.

At 315, based on reception of the advertisement data packet and adetermination that the advertisement data packet originated from theimplantable device 104 (e.g., based on recognition of the unique sessionidentifier included in the advertisement data packet), the cliniciandevice 116 can provide a clinician session connection request to theclinician device communication component 202. The clinician sessionconnection request can include information requesting establishment ofthe clinician session between the clinician device 116 and theimplantable device 104 and can further include the clinician deviceidentifier. At 316, the clinician device communication component 202 cangenerate and send the clinician session connection request to theimplantable device 104 using the second telemetry communicationprotocol.

At 317, based on reception of the clinician session connection requestand a determination that the clinician session initiation request wasprovided by the clinician device 116 (e.g., via recognition of theclinician device identifier in the clinician session connectionrequest), the implantable device 104 can generate and send a connectionaccepted response message to the clinician device communicationcomponent 202 using the second telemetry communication protocol. At 318,the clinician device communication component 202 can provide theconnection accepted message to the clinician device 116. At this time,based on reception of the connection accepted message by the cliniciandevice 116, the clinician session is established between the implantabledevice 104 and the clinician device 116, as indicated via dashed line A.In one or more implementations, one or more data communications betweenthe clinician device communication component 202, and the implantabledevice 104 performed during the secondary telemetry communicationexchange (e.g., the one or more advertisement data packets, theclinician session connection request, and/or the connection acceptedmessage) can be encrypted and decrypted using the unique link keygenerated by the implantable device 104 and shared between theimplantable device 104 and clinician device communication component 202in association with the primary telemetry communication exchange.

FIG. 3B illustrates a non-limiting signaling diagram of a signalingmethod 350 facilitating secure data communication in association withperformance of a secure clinician telemetry session between animplantable device (e.g., implantable device 104) and a clinician device(e.g., clinician device 116) in accordance with one or more embodimentsdescribed herein. Repetitive description of like elements employed inother embodiments described herein is omitted for sake of brevity.

With reference to FIGS. 1, 2A, 2B, 3A and 3B, signaling method 350includes a flow of signaling commands or messages between the clinician118, the clinician device 116, the clinician device communicationcomponent 202, and the implantable device 104 in association withperforming an established clinician session in accordance with one ormore embodiments described herein. In one or more implementations,signaling method 350 is a continuation of signaling method 300 after theclinician session is established between the implantable device 104 andthe clinician device 116, as indicated by dashed line A in FIG. 3A.

At 319, the clinician device 116 can send an interrogation request tothe clinician device communication component 202. The interrogationrequest can include a request for information from the implantabledevice 104. In some implementations, the interrogation request caninclude a request for defined information from the implantable device104. In other implementations, the interrogation request can include arequest for a digest or index of all information available on theimplantable device 104. For exemplary purposes, signaling method 350 isdescribed wherein the interrogation request includes a request for sucha digest or index. According to this embodiment, at 320, the cliniciandevice communication component 202 can generate and send theinterrogation request to the implantable device 104 using the secondtelemetry communication protocol. In response to reception of theinterrogation request, at 321, the implantable device 104 can respond bysending a memory read table message to the clinician devicecommunication component 202. The memory read table message can includefor example, a table of addresses and/or links to information providedon the implantable device 104 (e.g., in memory of the implantable device104). At 322, the clinician device communication component 202 canforward the memory read table message to the clinician device 116.

In various embodiments, the memory read table can include informationidentifying the implantable device 104, can include waveform data, andcan be capable of generating and providing the waveform data to theclinician device 116. In particular, in an embodiment in which theimplantable device 104 is or includes an ICD, the ICD can captureelectrical signals of the heart via one or more leads (e.g., leads 110a,b), referred to herein as “waveform data.” The live waveform moderefers to an operating mode of the implantable device 104 wherein theimplantable device 104 can transmit waveform data to the cliniciandevice 116 in real-time. In this context, the term “real-time” can bewithin a defined amount of time after the waveform data is captured. Thewaveform data can be transmitted during a clinician session.

In the embodiment shown, the clinician device 116 can direct theimplantable device 104 to activate the live waveform mode wherein theimplantable device 104 generates and provides live (or real-time)waveform data captured by the implantable device 104 to the cliniciandevice 116. For example, at 323, the clinician device 116 can send anenable waveform request to the clinician device communication component202, which can format and send the enable waveform request to theimplantable device 104 using the second telemetry communication protocolat 324. In response to reception of the enable waveform request, at 325,the implantable device 104 can send the waveform data to the cliniciandevice communication component 202 in real-time as the waveform data iscaptured by the implantable device 104 using the second telemetrycommunication protocol. The clinician device communication component 202can further provide the live waveform data to the clinician device 116at 326. The live waveform data can be rendered to the clinician 118 viaa display screen of the clinician device at 116 at 327.

In addition to waveform data, the memory read table can identify avariety of other types of information provided by the implantable device104, such as information about the body 102 of the patient monitored bythe implantable device 104, information regarding operating parametersof the implantable device 104, information regarding an amount of drugremaining in drug application reservoir of the implantable device 104,etc. For example, at 328, the clinician device 116 can send a firstinformation request to the clinician device communication component 202,which can generate and send the first information request to theimplantable device 104 using the second telemetry communication protocolat 329. The first information request can include a request for firstspecific information included in the memory read table, for example.

At 330, the implantable device 104 can respond with the first requestedinformation using the second telemetry communication protocol. At 331,the first information can be received by the clinician devicecommunication component 202 and can be forwarded by the clinician devicecommunication component 202 to the clinician device 116. At 332, theclinician device 116 can send a second information request to theclinician device communication component 202, which can generate andsend the second information request to the implantable device 104 usingthe second telemetry communication protocol at 333. The secondinformation request can include a request for second specificinformation included in the memory read table. At 334, the implantabledevice 104 can respond with the second requested information using thesecond telemetry communication protocol. At 335, the second informationcan be received by the clinician device communication component 202 andforwarded by the clinician device communication component 202 to theclinician device 116.

Once the clinician device 116 has received all requested information, at336, the clinician device 116 can provide an output for the clinician118 (e.g., via a speaker and/or display screen of the clinician device116) that indicates the interrogation is complete. If the clinician doesnot have any additional information to request from or provided to theimplantable device, at 337, the clinician can provide input requestingto close the clinician session. At 338, the clinician device 116 canthen provide the close clinician session request to the clinician devicecommunication component 202, which can generate and provide the closeclinician session request to the implantable device 104 using the secondtelemetry communication protocol at 339. At 340, the implantable device104 can then close the clinician session and remove (or otherwise renderexpired), the clinician session security information from memory (e.g.,the unique session identifier, the link key and the application key).

Once the security information is removed, the implantable device 104 cansend a message to the clinician device communication component 202 usingthe second communication protocol informing the clinician device 116that the clinician session has been closed. At 341, the clinician devicecommunication component 202 can provide the clinician session closedmessage to the clinician device 116. At this time, the clinician sessioncan be considered closed, as indicated by dashed line B.

It should be appreciated that the various types of communicationperformed in accordance with the clinician session described viasignaling method 350 are merely exemplary. For example, the type ofinformation communicated between the clinician device 116 and theimplantable device 104 during an established clinician session can varydepending on the features and functionalities of the clinician device,the implantable device 104 and the purpose of the clinician session (asdetermined by the clinician 118).

In various embodiments, some or all communication signals or messagescommunicated between the clinician device 116, the clinician devicecommunication component 202 and implantable device 104 during theclinician session can be encrypted with the link key, the applicationlayer encryption key, or a combination of both the link and applicationlayer encryption keys. In one or more embodiments, all data besideswaveform data that is communicated between the clinician device 116, theclinician device communication component 202 and implantable device 104during the clinician session are encrypted with both the link key andthe application key. However, in some embodiments, waveform data may notbe encrypted using the application key to facilitate the efficienttransmission and reception of live data. In addition, at the close ofthe clinician session, if waveform mode by the implantable device 104has been enabled, the implantable device 104 can automatically disablewaveform mode and stop sending live waveform data using the secondcommunication protocol.

FIG. 4 illustrates a block diagram of an example, non-limitingimplantable device (e.g., implantable device 104) in accordance with oneor more embodiments described herein. The implantable device 104includes implantable device communication component 208 and securitycomponent 402, a power source 404, and implantable device circuitry 408.The implantable device 104 can include memory 412 configured to storecomputer executable components and instructions and processor 410 tofacilitate operation of the instructions (e.g., computer executablecomponents and instructions) by the implantable device 104. Theimplantable device 104 can include a bus 406 that couples the variouscomponents of the implantable device 104, including, but not limited to,the implantable device communication component 208, the securitycomponent 402, the power source 404, the implantable device circuitry408, the processor 410 and the memory 412. Repetitive description oflike elements employed in other embodiments described herein is omittedfor sake of brevity.

Aspects of the systems, apparatuses or processes explained in thisdisclosure can constitute machine-executable component(s) embodiedwithin machine(s), e.g., embodied in one or more computer readablemediums (or media) associated with one or more machines. Suchcomponent(s), when executed by the one or more machines, e.g.,computer(s), computing device(s), virtual machine(s), etc. can cause themachine(s) to perform the operations described.

With reference to FIGS. 1, 2, and 4 , the security component 402 can beconfigured to facilitate performance of the subject security processesin association with establishing and performing a clinician telemetrysession by the implantable device 104. In particular, the securitycomponent 402 can facilitate performance of the primary and secondarytelemetry communication exchange, encoding and decoding of informationduring an established clinician session, re-establishing a lostclinician telemetry session, and ensuring the security informationgenerated by the implantable device for a clinician session cannot beused at a later time after the clinician session is closed. For example,in some embodiments, in response to reception of a properly formattedtelemetry clinician session initiation request via the first telemetrycommunication protocol and recognition of a clinician device identifierin the clinician session initiation request, the security component 402can generate the some or all of the time-sensitive security informationrequired to establish and conduct the clinician session using the secondtelemetry communication protocol (e.g., a unique session identifier andone or more unique session keys). In other embodiments, the securitycomponent 402 can receive some or all of the security information fromthe clinician device 116 with the clinician session initiation request.

In some implementations, the security component 402 can further storethe clinician device identifier and the security information generatedfor the currently requested clinician session in memory 412 of theimplantable device 104 (e.g., as authorized device information 414). Thesecurity component 402 can further authorize establishment of aclinician session based on reception of a properly formatted connectionrequest via the second telemetry communication protocol (e.g., thatincludes the clinician device identifier and/or that is encrypted andthus able to be decrypted using one or more of the unique session keys).The security component 402 can further encrypt information fortransmission by the implantable device and decrypt information receivedby the implantable device during the clinician session. In someimplementations, the security component 402 can further remove thesecurity information from memory 412 or otherwise render the securityinformation unusable to establish another telemetry session in thefuture based on closing of the clinician telemetry session.

The implantable device circuitry 408 can include hardware, software or acombination of hardware and software employed to facilitate operation ofthe various components of the implantable device 104. For example, theimplantable device circuitry 408 can include, but is not limited to: apulse generator, capacitors, leads (e.g., leads 110 a,b), electrodes(e.g., tip electrodes 112 a,b and ring electrodes 114 a,b), sensors,accelerometers, pumping mechanisms, reservoirs, implantable devicecommunication component 208 hardware (e.g., antennas, transmitters,receivers, transceivers repeaters, etc.), a therapy output module, andthe like. The implantable device circuitry 408 can facilitate variousoperations of the implantable device, including, but not limited to,medical related operations (e.g., sensing electrical signals of theheart, dispensing a drug, etc.), and telemetry communication modeoperations of the implantable device (e.g., RF telemetry and non-RFtelemetry such as induction).

Implantable device 104 can further include power source 404 to drive theoperations of implantable device 104 and provide power to the variouselectrical components of the implantable device 104. In one or moreembodiments, the power source 404 includes, but is not limited to, abattery, a capacitor, a charge pump, a mechanically derived power source(e.g., microelectromechanical systems (MEMs) device), or an inductioncomponent. The induction component can also be employed by the secondimplantable device telemetry component 212 to facilitate transmissionand reception of induction-based telemetry signals.

FIG. 5 illustrates a block diagram of an example, non-limiting cliniciandevice (e.g., clinician device 116) in accordance with one or moreembodiments described herein. The clinician device 116 can include anysuitable computing device that can be operated by a clinician andconfigured to communicate with an implantable device (e.g., implantabledevice 104) using a first (e.g., induction-based) telemetrycommunication protocol and a second (e.g., BLE) telemetry communicationprotocol. For example, the clinician device 116 can include asmartphone, a tablet, a dedicated handheld device, a wearable device, oranother suitable device. In some embodiments, the clinician device 116can include an output and/or input device such as a display, a speaker,a microphone, a keypad, a touchscreen etc. In other embodiments, theclinician device 116 can be configured to communicate with anotherremote device to receive input and/or render output.

The clinician device 116 includes clinician device communicationcomponent 202, clinician component 502, and security component 512. Theclinician device 116 can include memory 516 configured to store computerexecutable components and instructions and processor 514 to facilitateoperation of the instructions (e.g., computer executable components andinstructions) by the clinician device 116. The clinician device 116 caninclude a bus 510 that couples the various components of the cliniciandevice 116, including, but not limited to, the clinician devicecommunication component 202, clinician component 502, and securitycomponent 512, the processor 514 and the memory 516.

Aspects of the systems, apparatuses or processes explained in thisdisclosure can constitute machine-executable component(s) embodiedwithin machine(s), e.g., embodied in one or more computer readablemediums (or media) associated with one or more machines. Suchcomponent(s), when executed by the one or more machines, e.g.,computer(s), computing device(s), virtual machine(s), etc. can cause themachine(s) to perform the operations described.

With reference to FIGS. 1, 2, and 5 , the security component 512 canfacilitate establishing a trusted clinician telemetry session betweenthe clinician device 116 and the implantable device 104. For example,the security component 512 can direct the first clinician devicetelemetry component 204 to generate and send a clinician sessioninitiation request to the implantable device 104 using the firsttelemetry communication protocol (e.g., induction signal) and include aunique identifier for the clinician device 116 in the clinician sessioninitiation request (e.g., an RFM address). The first clinician devicetelemetry component 204 can further receive a response signal to theremote clinician session initiation request from the implantable device104 via the first telemetry communication protocol (e.g., anotherinduction signal) and the security component 512 can extract thesecurity information included in the response signal. In one or moreimplementations, the security information includes a unique sessionidentifier and one or more session keys. The security component 512 canfurther store the security information in memory 516.

In some embodiments, the security component 512 can also include some orall of the security information in the clinician session initiationrequest. For example, the security component 512 can generate securityinformation including the unique session identifier and/or the one ormore session keys and include the security information in the cliniciansession initiation request. In some implementations, rather thangenerating the security information, the security component 512 canrequest and receive the security information from another device (e.g.,a remote server device (not shown)). In another embodiment, the securitycomponent 512 can be configured to generate or receive the uniquesession identifier and include the unique session identifier in theclinician session initiation request along with a clinician deviceidentifier. The implantable device 104 can further generate the one ormore session keys based on reception of the clinician session initiationrequest. The implantable device 104 can provide the one or more sessionkeys to the security component 512 using a response message transmittedvia the first telemetry communication protocol.

The security component 512 can further identify advertisement datapackets transmitted by the implantable device 104 based on inclusion andrecognition of the unique session identifier in the advertisement datapackets. The security component 512 can also direct the second cliniciandevice telemetry component 206 to send a connection request to theimplantable device and include the unique identifier for the cliniciandevice in the connection request. The implantable device 104 canestablish an authorized clinician telemetry session with the cliniciandevice 116 based on reception of the connection request. After theremote clinician telemetry session is established, the second cliniciandevice telemetry component 206 can employ the one or more session keysto encrypt and decrypt information communicated between the implantabledevice 104 and the clinician device 116.

The clinician device 116 includes clinician component 502 to facilitateconducting clinician telemetry session with the implantable device 104.For example, the clinician component 502 can facilitate requestingspecific information from the implantable device and sending specificinformation to the implantable device 104. The clinician component 502can include programming component 504, waveform component 506 andstandby component 508. The programming component 504 can facilitategenerating and sending programming commands to the implantable device104. The waveform component 506 can facilitate activating anddeactivating a waveform mode of the implantable device 104 and receivinglive waveform data from the implantable device 104. The standbycomponent 508 can facilitate requesting entry of and exit of theimplantable device 104 to and from the standby mode.

FIGS. 6, 7, 8, 9 and 10 illustrate flow diagrams of example,non-limiting methods that facilitate telemetry data communicationsecurity between an implantable device and an external device inaccordance with one or more embodiments described herein. While, forpurposes of simplicity of explanation, the methodologies are shown anddescribed as a series of acts, the disclosed subject matter is notlimited by the order of acts, as some acts can occur in different ordersand/or concurrently with other acts from that shown and describedherein. For example, those skilled in the art will understand andappreciate that a methodology can alternatively be represented as aseries of interrelated statuses or events, such as in a state diagram.Moreover, not all illustrated acts may be required to implement amethodology in accordance with the disclosed subject matter.Additionally, it is to be appreciated that the methodologies disclosedin this disclosure are capable of being stored on an article ofmanufacture to facilitate transporting and transferring suchmethodologies to computers or other computing devices. The followingmethods facilitate enhanced security associated with establishing andperforming a telemetry session with the implantable device (e.g.,implantable device 104) using an RF-based telemetry communicationprotocol (e.g., BLE) that enables rapid (and high power consuming)bi-directional telemetry communication with the implantable device 104of data considered invasive or sensitive (e.g., programming data orwaveform data associated with a remote clinician telemetry session).

Referring now to FIG. 6 , shown is a flow diagram of an example method600 configured to facilitate telemetry data communication securitybetween an implantable device (e.g. implantable device 104) and anexternal device (e.g., clinician device 116) in accordance with one ormore embodiments described herein. Repetitive description of likeelements employed in other embodiments described herein is omitted forsake of brevity.

At 602, an implantable device including a processor (e.g., implantabledevice 104) can generate, based on receiving a clinician telemetrysession request from a clinician device (e.g., clinician device 116) viaa first telemetry communication protocol (e.g., an induction-basedtelemetry communication protocol), security information including asession identifier and a first session key, wherein the cliniciantelemetry session request includes a clinician session identifierassociated with the clinician device. At 604, the implantable device cansend the security information to the clinician device using the firsttelemetry communication protocol. At 606, the implantable device canestablish a clinician telemetry session with the clinician device usinga second telemetry communication protocol (e.g., BLE) based ondetermining that a connection request, received via the second telemetrycommunication protocol, was transmitted by the clinician device based oninclusion of the clinician device identifier in the connection request.

Referring now to FIG. 7 , shown is a flow diagram of another examplemethod 700 configured to facilitate telemetry data communicationsecurity between an implantable (e.g. implantable device 104) and anexternal device (e.g., clinician device 116) in accordance with one ormore embodiments described herein. Repetitive description of likeelements employed in other embodiments described herein is omitted forsake of brevity.

At 702, an implantable device including a processor (e.g., implantabledevice 104) can generate, based on receiving a clinician telemetrysession request from a clinician device (e.g., clinician device 116) viaa first telemetry communication protocol (e.g., an induction-basedtelemetry communication protocol), security information including asession identifier and a first session key, wherein the cliniciantelemetry session request includes a clinician device identifierassociated with the clinician device. At 704, the implantable device cansend the security information to the clinician device using the firsttelemetry communication protocol. At 706, the implantable device caninitiate data communication using a second telemetry communicationprotocol (e.g., BLE) based on the sending the security information tothe clinician device, including, transmitting, by the implantabledevice, one or more advertisement data packets including the sessionidentifier using the second telemetry communication protocol.

At 708, the implantable device receives a connection request based onreception of at least one advertisement data packet of the one or moreadvertisement data packets by the clinician device and recognition, bythe clinician device, of the session identifier in the at least oneadvertisement data packet. At 710, the implantable device establishes aclinician telemetry session with the clinician device using the secondtelemetry communication protocol based on determining that theconnection request was transmitted by the clinician device based oninclusion of the clinician device identifier in the connection request.

Referring now to FIG. 8 , shown is a flow diagram of another examplemethod 800 configured to facilitate telemetry data communicationsecurity between an implantable (e.g. implantable device 104) and anexternal device (e.g., clinician device 116) in accordance with one ormore embodiments described herein. Repetitive description of likeelements employed in other embodiments described herein is omitted forsake of brevity.

At 802, an implantable device including a processor (e.g., implantabledevice 104) can generate, based on receiving a clinician telemetrysession request from a clinician device (e.g., clinician device 116) viaa first telemetry communication protocol (e.g., an induction-basedtelemetry communication protocol), security information including asession identifier and a first session key, wherein the cliniciantelemetry session request includes a clinician device identifierassociated with the clinician device. At 804, the implantable device cansend the security information to the clinician device using the firsttelemetry communication protocol. At 806, the implantable device canestablish a clinician telemetry session with the clinician device usinga second telemetry communication protocol (e.g., BLE) based ondetermining that a connection request, received via the second telemetrycommunication protocol, was transmitted by the clinician device based oninclusion of the clinician device identifier in the connection request.At 808, the implantable device can employ the security information toconduct the clinician telemetry session with the clinician device. Forexample, the implantable device can encrypt and decrypt datacommunicated between the implantable device and the clinician deviceusing the first session key. The implantable device can also include thesession identifier in messages transmitted by the implantable device tothe clinician device. At 810, the implantable device can render thesecurity information unusable to establish or conduct another telemetrysession between the implantable device and the clinician device oranother device at a later time based on closing of the cliniciantelemetry session. For example, the implantable device can remove thesecurity information from memory of the implantable device or render thesecurity information expired (e.g., using the security component 402).Accordingly, in order for the clinician device or another cliniciandevice to establish and conduct a new telemetry session with theimplantable device, the clinician device or the other clinician deviceand the implantable device can establish and exchange new securityinformation in association with a clinician session request.

Referring now to FIG. 9 , shown is a flow diagram of another examplemethod 900 configured to facilitate telemetry data communicationsecurity between an implantable (e.g. implantable device 104) and anexternal device (e.g., clinician device 116) in accordance with one ormore embodiments described herein. In one or more embodiments, aclinician device (e.g., clinician device 116) can employ a firsttelemetry communication component (e.g., first clinician devicetelemetry component 204), a second telemetry component (e.g., secondclinician device telemetry component 206), and a security component(e.g., security component 512) to facilitate establishing and performinga clinician session with an implantable device (e.g., implantable device104) in accordance with method 900. Repetitive description of likeelements employed in other embodiments described herein is omitted forsake of brevity.

At 902, a clinician device including a processor (e.g., clinician device116) can send a clinician telemetry session request to an implantabledevice via a first telemetry communication protocol (e.g., aninduction-based protocol), the clinician telemetry session requestincluding a clinician device identifier (e.g., an RFM address associatedwith the clinician device). At 904, the clinician device can receivesecurity information from the implantable device via the first telemetrycommunication protocol based on the sending the clinician telemetrysession request, the security information including, a unique sessionidentifier (e.g., a unique UUID generated by the implantable devicebased on reception of the clinician telemetry session request), a firstsession encryption key (e.g., a link layer encryption key), and a secondsession encryption key (e.g., an application layer encryption key).

At 906, the clinician device can send a connection request to theimplantable device using a second telemetry communication protocol basedon receiving, via the second telemetry communication protocol, anadvertisement data packet including the unique session identifier, theconnection request including the clinician device identifier. At 908,the clinician device can perform a clinician telemetry session with theimplantable device using the first session encryption key and the secondsession encryption key based on acceptance of the connection request bythe implantable device based on inclusion of the clinician deviceidentifier in the connection request. For example, the clinician devicecan use the first session encryption key and the second sessionencryption key to encrypt transmitted data transmitted by the cliniciandevice to the implantable device (e.g., programming data, interrogationrequests, etc.), or to decrypt received data received by the cliniciandevice from the implantable device.

Referring now to FIG. 10 , shown is a flow diagram of another examplemethod 1000 configured to facilitate telemetry data communicationsecurity between an implantable device (e.g., implantable device 104)and an external device (e.g., clinician device 116) in accordance withone or more embodiments described herein. In one or more embodiments, aclinician device (e.g., clinician device 116) can employ a firsttelemetry communication component (e.g., first clinician devicetelemetry component 204), a second telemetry component (e.g., secondclinician device telemetry component 206), and a security component(e.g., security component 512) to facilitate establishing and performinga clinician session with an implantable device (e.g., implantable device104) in accordance with method 1000. Repetitive description of likeelements employed in other embodiments described herein is omitted forsake of brevity.

At 1002, a clinician device including a processor (e.g., cliniciandevice 116) can send a clinician telemetry session request to animplantable device via a first telemetry communication protocol (e.g.,an induction-based protocol), the clinician telemetry session requestincluding a clinician device identifier and security informationincluding a unique session identifier (e.g., a unique UUID generated bythe clinician device 116) and one or more session keys (e.g., a linklayer encryption key and/or an application layer encryption keygenerated by the clinician device 116). At 1004, the clinician devicecan transition from operating using the first telemetry communicationprotocol to using a second telemetry communication protocol (e.g., BLEprotocol). At 1006, the clinician device can send a connection requestto the implantable device using the second telemetry communicationprotocol based on receiving, via the second telemetry communicationprotocol, an advertisement data packet including the unique sessionidentifier. The connection request can include the clinician deviceidentifier. At 1008, the clinician device can perform a cliniciantelemetry session with the implantable device using the one or moresession keys based on acceptance of the connection request by theimplantable device based on inclusion of the clinician device identifierin the connection request. For example, the clinician device can use theone or more session keys to encrypt transmitted data transmitted by theclinician device to the implantable device (e.g., programming data,interrogation requests, etc.) or to decrypt received data received bythe clinician device from the implantable device.

FIG. 11 illustrates a block diagram of an example, non-limiting computeroperable to facilitate managing telemetry communication modes of animplantable device in accordance with one or more embodiments describedherein. For example, in some embodiments, the computer can be or beincluded within implantable device 104 and the clinician device 116.Repetitive description of like elements employed in other embodimentsdescribed herein is omitted for sake of brevity.

In order to provide additional context for one or more embodimentsdescribed herein, FIG. 11 and the following discussion are intended toprovide a brief, general description of a suitable computing environment1100 in which the one or more embodiments described herein can beimplemented.

Generally, program modules include routines, programs, components, datastructures, etc., that perform particular tasks or implement particularabstract data types. Moreover, those skilled in the art will appreciatethat the inventive methods can be practiced with other computer systemconfigurations, including single-processor or multiprocessor computersystems, minicomputers, mainframe computers, as well as personalcomputers, hand-held computing devices, microprocessor-based orprogrammable consumer electronics, and the like, each of which can beoperatively coupled to one or more associated devices.

Computing devices typically include a variety of media, which caninclude computer-readable storage media and/or communications media,which two terms are used herein differently from one another as follows.Computer-readable storage media can be any available storage media thatcan be accessed by the computer and includes both volatile andnonvolatile media, removable and non-removable media. By way of example,and not limitation, computer-readable storage media can be implementedin connection with any method or technology for storage of informationsuch as computer-readable instructions, program modules, structured dataor unstructured data. Tangible and/or non-transitory computer-readablestorage media can include, but are not limited to, random access memory(RAM), read only memory (ROM), electrically erasable programmable readonly memory (EEPROM), flash memory or other memory technology, compactdisk read only memory (CD-ROM), digital versatile disk (DVD) or otheroptical disk storage, magnetic cassettes, magnetic tape, magnetic diskstorage, other magnetic storage devices and/or other media that can beused to store desired information. Computer-readable storage media canbe accessed by one or more local or remote computing devices, e.g., viaaccess requests, queries or other data retrieval protocols, for avariety of operations with respect to the information stored by themedium.

In this regard, the term “tangible” herein as applied to storage,memory, computer-readable media or computer-readable storage media, isto be understood to exclude only propagating intangible signals per seas a modifier and does not relinquish coverage of all standard storage,memory, computer-readable media or computer-readable storage media thatare not only propagating intangible signals per se.

In this regard, the term “non-transitory” herein as applied to storage,memory, computer-readable media or computer-readable storage media, isto be understood to exclude only propagating transitory signals per seas a modifier and does not relinquish coverage of all standard storage,memory, computer-readable media or computer-readable storage media thatare not only propagating transitory signals per se.

Communications media typically embody computer-readable instructions,data structures, program modules or other structured or unstructureddata in a data signal such as a modulated data signal, e.g., a channelwave or other transport mechanism, and includes any information deliveryor transport media. The term “modulated data signal” or signals refersto a signal that has one or more of the data signal's characteristicsset or changed in such a manner as to encode information in one or moresignals. By way of example, and not limitation, communication mediainclude wired media, such as a wired network or direct-wired connection,and wireless media such as acoustic, RF, infrared and other wirelessmedia.

With reference again to FIG. 11 , example environment 1110 that can beemployed to implement one or more embodiments of the embodimentsdescribed herein includes computer 1112. Computer 1112 includesprocessing unit 1114, system memory 1116 and system bus 1118. System bus1118 couples system components including, but not limited to, systemmemory 1116 to processing unit 1114. Processing unit 1104 can be any ofvarious commercially available processors. Dual microprocessors andother multi-processor architectures can also be employed as processingunit 1104.

System bus 1108 can be any of several types of bus structure that canfurther interconnect to a memory bus (with or without a memorycontroller), a peripheral bus, and a local bus using any of a variety ofcommercially available bus architectures. System memory 1106 includesRAM 1110 and ROM 1112. A basic input/output system (BIOS) can be storedin a non-volatile memory such as ROM, erasable programmable read onlymemory (EPROM), EEPROM, which BIOS contains the basic routines that helpto transfer information between elements within computer 1102, such asduring startup. RAM 1110 can also include a high-speed RAM such asstatic RAM for caching data.

Computer 1102 further includes internal hard disk drive (HDD) 1114(e.g., Enhanced Integrated Drive Electronics (EIDE), Serial AdvancedTechnology Attachment (SATA)). HDD 1114 can be connected to system bus1108 by hard disk drive interface 1116. The drives and their associatedcomputer-readable storage media provide nonvolatile storage of data,data structures, computer-executable instructions, and so forth. Forcomputer 1102, the drives and storage media accommodate the storage ofany data in a suitable digital format.

A number of program modules can be stored in the drives and RAM 1110,including operating system 1136, one or more application programs 1138,other program modules 1140 and program data 1142. All or portions of theoperating system, applications, modules, and/or data can also be cachedin RAM 1110. The systems and methods described herein can be implementedutilizing various commercially available operating systems orcombinations of operating systems.

A mobile device can enter commands and information into computer 1102through one or more wireless input devices, e.g., wireless keyboard 1128and a pointing device, such as wireless mouse 1130. Other input devices(not shown) can include a smart phone, tablet, laptop, wand, wearabledevice or the like. These and other input devices are often connected tothe processing unit 1104 through input device interface 1118 that can becoupled to system bus 1108, but can be connected by other interfaces,such as a parallel port, an IEEE serial port, a game port and/or auniversal serial bus (USB) port.

Computer 1102 can operate in a networked environment using logicalconnections via wired and/or wireless communications to one or moreremote computers, such as remote computer(s) 1132. Remote computer(s)1132 can be a workstation, a server computer, a router, a personalcomputer, portable computer, microprocessor-based entertainmentappliance, a peer device or other common network node, and typicallyincludes many or all of the elements described relative to computer1102, although, for purposes of brevity, only memory/storage device 1134is illustrated. The logical connections depicted include wired/wirelessconnectivity to a local area network (LAN) 1126 and/or larger networks,e.g., WAN 1124, as well as smaller PANs involving a few devices (e.g.,at least two). LAN and WAN networking environments are commonplace inthe home, offices (e.g., medical facility offices, hospital offices) andcompanies, and facilitate enterprise-wide computer networks, such asintranets, all of which can connect to a global communications network(e.g., the Internet).

When used in a LAN networking environment, computer 1102 can beconnected to local network through a wired and/or wireless communicationnetwork interface or adapter 1120. Adapter 1120 can facilitate wired orwireless communication to LAN 1126, which can also include a wirelessaccess point (AP) connected to the LAN 1126 for communicating withadapter 1120.

When used in a WAN networking environment, computer 1102 can includemodem 1122 or can be connected to a communications server on WAN 1124 orhas other apparatus for establishing communications over WAN 1124, suchas by way of the Internet. Modem 1122, which can be internal or externaland a wired or wireless device, can be connected to system bus 1108 viainput device interface 1118. In a networked environment, program modulesdepicted relative to computer 1102 or portions thereof, can be stored ina remote memory/storage device. It will be appreciated that the networkconnections shown are example and other apparatus of establishing acommunications link between the computers can be used.

Computer 1102 can be operable to communicate with any wireless devicesor entities operatively disposed in wireless communication via anynumber of protocols, including, but not limited to, NFC, Wi-Fi and/orBLUETOOTH® wireless protocols. Thus, the communication can be a definedstructure as with a conventional network or simply an ad hoccommunication between at least two devices.

NFC can allow point-to-point connection to an NFC-enabled device in theNFC field of an IMD within the home or at any location. NFC technologycan be facilitated using an NFC-enabled smart phone, tablet or otherdevice that can be brought within 3-4 centimeters of an implanted NFCcomponent. NFC typically provides a maximum data rate of 424 kilobitsper second (Kbps), although data rates can range from 6.67 Kbps to 828Kbps. NFC typically operates at the frequency of 10.56 megahertz (MHz).NFC technology communication is typically over a range not exceeding 0.2meters (m) and setup time can be less than 0.1 seconds. Low power (e.g.,10 milliamperes (mAs)) reading of data can be performed by an NFCdevice.

Wi-Fi can allow connection to the Internet from a couch at home, a bedin a hotel room or a conference room at work, without wires. Wi-Fi is awireless technology similar to that used in a cell phone that enablessuch devices, e.g., computers, to send and receive data indoors and out.Wi-Fi networks use radio technologies called IEEE 802.11 (a, b, g, n,etc.) to provide secure, reliable, fast wireless connectivity. A Wi-Finetwork can be used to connect computers to each other, to the Internet,and to wired networks (which can use IEEE 802.3 or Ethernet). Wi-Finetworks operate in the unlicensed 2.4 and 5 GHz radio bands, at an 11Mbps (802.11a) or 54 Mbps (802.11b) data rate, for example or withproducts that contain both bands (dual band), so the networks canprovide real-world performance similar to the basic 10BaseT wiredEthernet networks used in many offices.

The embodiments of devices described herein can employ artificialintelligence (AI) to facilitate automating one or more featuresdescribed herein. The embodiments (e.g., in connection withautomatically identifying acquired cell sites that provide a maximumvalue/benefit after addition to an existing communication network) canemploy various AI-based schemes for carrying out one or more embodimentsthereof. Moreover, the classifier can be employed to determine a rankingor priority of each cell site of an acquired network. A classifier is afunction that maps an input attribute vector, x=(x1, x2, x3, x4, . . . ,xn), to a confidence that the input belongs to a class, that is,f(x)=confidence(class). Such classification can employ a probabilisticand/or statistical-based analysis (e.g., factoring into the analysisutilities and costs) to prognose or infer an action that a mobile devicedesires to be automatically performed. A support vector machine (SVM) isan example of a classifier that can be employed. The SVM operates byfinding a hypersurface in the space of possible inputs, which thehypersurface attempts to split the triggering criteria from thenon-triggering events. Intuitively, this makes the classificationcorrect for testing data that is near, but not identical to trainingdata. Other directed and undirected model classification approachesinclude, e.g., naïve Bayes, Bayesian networks, decision trees, neuralnetworks, fuzzy logic models, and probabilistic classification modelsproviding different patterns of independence can be employed.Classification as used herein also is inclusive of statisticalregression that is utilized to develop models of priority.

As will be readily appreciated, one or more of the embodiments canemploy classifiers that are explicitly trained (e.g., via a generictraining data) as well as implicitly trained (e.g., via observing mobiledevice behavior, operator preferences, historical information, receivingextrinsic information). For example, SVMs can be configured via alearning or training phase within a classifier constructor and featureselection module. Thus, the classifier(s) can be used to automaticallylearn and perform a number of functions, including but not limited todetermining according to a defined criteria which of the acquired cellsites will benefit a maximum number of subscribers and/or which of theacquired cell sites will add minimum value to the existing communicationnetwork coverage, etc.

As employed herein, the term “processor” can refer to substantially anycomputing processing unit or device including, but not limited to,single-core processors; single-processors with software multithreadexecution capability; multi-core processors; multi-core processors withsoftware multithread execution capability; multi-core processors withhardware multithread technology; parallel platforms; and parallelplatforms with distributed shared memory. Additionally, a processor canrefer to an integrated circuit, an application specific integratedcircuit (ASIC), a digital signal processor (DSP), a field programmablegate array (FPGA), a programmable logic controller (PLC), a complexprogrammable logic device (CPLD), a discrete gate or transistor logic,discrete hardware components or any combination thereof designed toperform the functions described herein. Processors can exploitnano-scale architectures such as, but not limited to, molecular andquantum-dot based transistors, switches and gates, in order to optimizespace usage or enhance performance of mobile device equipment. Aprocessor can also be implemented as a combination of computingprocessing units.

Memory disclosed herein can include volatile memory or nonvolatilememory or can include both volatile and nonvolatile memory. By way ofillustration, and not limitation, nonvolatile memory can include ROM,programmable ROM (PROM), electrically programmable ROM (EPROM),electrically erasable PROM (EEPROM) or flash memory. Volatile memory caninclude RAM, which acts as external cache memory. By way of illustrationand not limitation, RAM is available in many forms such as static RAM(SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rateSDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), anddirect Rambus RAM (DRRAM). The memory (e.g., data storages, databases)of the embodiments is intended to include, without being limited to,these and any other suitable types of memory.

As used herein, terms such as “data storage,” “database,” andsubstantially any other information storage component relevant tooperation and functionality of a component, refer to “memorycomponents,” or entities embodied in a “memory” or components includingthe memory. It will be appreciated that the memory components orcomputer-readable storage media, described herein can be either volatilememory or nonvolatile memory or can include both volatile andnonvolatile memory.

In addition, the words “example” and “exemplary” are used herein to meanserving as an instance or illustration. Any embodiment or designdescribed herein as “example” or “exemplary” is not necessarily to beconstrued as preferred or advantageous over other embodiments ordesigns. Rather, use of the word “example” or “exemplary” is intended topresent concepts in a concrete fashion. As used in this application, theterm “or” is intended to mean an inclusive “or” rather than an exclusive“or”. That is, unless specified otherwise or clear from context, “Xemploys A or B” is intended to mean any of the natural inclusivepermutations. That is, if X employs A; X employs B; or X employs both Aand B, then “X employs A or B” is satisfied under any of the foregoinginstances. In addition, the articles “a” and “an” as used in thisapplication should generally be construed to mean “one or more” unlessspecified otherwise or clear from context to be directed to a singularform. The terms “first,” “second,” “third,” and so forth, as used in theclaims and description, unless otherwise clear by context, is forclarity only and doesn't necessarily indicate or imply any order intime.

What has been described above includes mere examples of one or moreembodiments. It is, of course, not possible to describe everyconceivable combination of components or methodologies for purposes ofdescribing these examples, but one of ordinary skill in the art canrecognize that many further combinations and permutations of the presentembodiments are possible. Accordingly, the embodiments disclosed and/orclaimed herein are intended to embrace all such alterations,modifications and variations that fall within the spirit and scope ofthe detailed description and the appended claims. Furthermore, to theextent that the term “includes” is used in either the detaileddescription or the claims, such term is intended to be inclusive in amanner similar to the term “comprising” as “comprising” is interpretedwhen employed as a transitional word in a claim.

What is claimed is:
 1. A device comprising: sensing circuitry configuredto obtain sensed physiological data corresponding to one or moreparameters associated with a patient; and processing circuitryconfigured to: receive, via first communication circuitry, a firstrequest according to a first telemetry communication protocol, whereinthe first request comprises a device identifier associated with a seconddevice; generate, based on receiving the first request comprising thedevice identifier, security information comprising a session identifierand a session key; send, via the first communication circuitry, thesecurity information according to the first telemetry communicationprotocol; activate, based on sending the security information comprisingthe session identifier and the session key according to the firsttelemetry communication protocol, telemetry communication by the devicevia a second telemetry communication protocol by activating secondcommunication circuitry separate from the first communication circuitry,wherein the first telemetry communication protocol is associated withfirst wireless data communication over a first distance and the secondtelemetry communication protocol is associated with second wireless datacommunication over a second distance greater than the first distance;receive, via the second communication circuitry, a second requestaccording to the second telemetry communication protocol, wherein thesecond request comprises the device identifier; and establish, using thesecurity information, a telemetry session with the second deviceaccording to the second telemetry communication protocol based oninclusion of the device identifier in the second request.
 2. The deviceof claim 1, wherein the first telemetry communication protocol comprisesa proprietary telemetry communication protocol and the second telemetrycommunication protocol comprises a non-proprietary telemetrycommunication protocol.
 3. The device of claim 1, wherein the firsttelemetry communication protocol comprises an induction-based telemetrycommunication protocol and the second telemetry communication protocolcomprises a Bluetooth® low energy based telemetry communicationprotocol.
 4. The device of claim 1, wherein the processing circuitry isfurther configured to transmit, via the second communication circuitry,one or more advertisement data packets comprising the session identifieraccording to the second telemetry communication protocol in response toactivating the telemetry communication by the device according to thesecond telemetry communication protocol by activating the secondcommunication circuitry.
 5. The device of claim 4, wherein theprocessing circuitry is further configured to receive, via the secondcommunication circuitry, the second request in response to reception ofat least one advertisement data packet of the one or more advertisementdata packets by the second device, the at least one advertisement datapacket including the session identifier.
 6. The device of claim 1,wherein after establishing the telemetry session, the processingcircuitry is configured to: encrypt a set of data transmitted by thedevice using the session key during the telemetry session with thesecond device; and decrypt a set of data received by the device usingthe session key during the telemetry session with the second device. 7.The device of claim 6, wherein the session key is a first session key,wherein the set of data transmitted by the device represents a first setof data, wherein the set of data received by the device represents asecond set of data, wherein to generate the security information, theprocessing circuitry is further configured to generate a second sessionkey, and wherein the processing circuitry is further configured to:encrypt a third set of data transmitted by the device using the secondsession key during the telemetry session with the second device, whereinthe first set of data represents a first data type, and wherein thethird set of data represents a second data type; and decrypt a fourthset of data received by the device using the second session key duringthe telemetry session with the second device.
 8. The device of claim 1,wherein after establishing the telemetry session, the processingcircuitry is further configured to: communicate with the second devicevia the second communication circuitry using the security informationduring the telemetry session with the second device; and render thesecurity information unusable to establish or perform another telemetrysession including the device after a termination of the telemetrysession.
 9. The device of claim 1, wherein the processing circuitry isfurther configured to: terminate the telemetry session; and render thesecurity information unusable to establish or perform another telemetrysession with the device after a failure of the device to re-establishthe telemetry session using the security information within a definedperiod of time after the termination of the telemetry session.
 10. Thedevice of claim 1, wherein the telemetry session comprises a first typeof telemetry session, wherein the security information comprises firstsecurity information and wherein the processor is further configured to:receive second security information from a remote server device forestablishing a second type of telemetry session with a third device;employ the second security information to establish a trustedrelationship with the third device and store information associating amonitoring device identifier for the third device in the memory; andestablish the second type of telemetry session with the third deviceusing the second telemetry communication protocol based on determiningthat the monitoring session request, received via the second telemetrycommunication protocol, was transmitted by the third device based oninclusion of the monitoring device identifier in the monitoring sessionrequest.
 11. The device of claim 10, wherein the device is furtherconfigured to: communicate a first type of information with the seconddevice during the first type of telemetry session; and communicate asecond type of information with the third device during the second typeof telemetry session, wherein the first type of information represents afirst level of sensitivity and the second type of information representsa second level of sensitivity, and wherein the first level ofsensitivity is greater than the second level of sensitivity.
 12. Thedevice of claim 10, wherein the device is configured to perform one-wayand two-way communications with the second device during the first typeof telemetry session, and wherein the device is configured to performone-way and forgo two-way communications with the monitoring deviceduring the second type of telemetry session.
 13. The device of claim 10,wherein the device is configured to receive programming information fromthe second device during the first type of telemetry session and forgoreceipt of the programming information from the third device during thesecond type of telemetry session.
 14. A method comprising: obtaining, bysensing circuitry of a device, sensed physiological data correspondingto one or more parameters associated with a patient; and receiving, byprocessing circuitry of the device via first communication circuitry, afirst request according to a first telemetry communication protocol,wherein the first request comprises a device identifier associated witha second device; generating, by the processing circuitry based onreceiving the first request comprising the device identifier, securityinformation comprising a session identifier and a session key; sending,by the processing circuitry via the first communication circuitry, thesecurity information according to the first telemetry communicationprotocol; activating, by the processing circuitry based on sending thesecurity information comprising the session identifier and the sessionkey according to the first telemetry communication protocol byactivating second communication circuitry separate from the firstcommunication circuitry, telemetry communication by the device via asecond telemetry communication protocol, wherein the first telemetrycommunication protocol is associated with first wireless datacommunication over a first distance and the second telemetrycommunication protocol is associated with second wireless datacommunication over a second distance greater than the first distance;receiving, by the processing circuitry via the second communicationcircuitry, a second request according to the second telemetrycommunication protocol, wherein the second request comprises the deviceidentifier; and establishing, by the processing circuitry using thesecurity information, a telemetry session with the second deviceaccording to the second telemetry communication protocol based oninclusion of the device identifier in the second request.
 15. The methodof claim 14, further comprising transmitting, by the processingcircuitry via the second communication circuitry, one or moreadvertisement data packets comprising the session identifier accordingto the second telemetry communication protocol in response to activatingthe telemetry communication by the device according to the secondtelemetry communication protocol by activating the second communicationcircuitry.
 16. The method of claim 15, further comprising receiving, bythe processing circuitry via the second communication circuitry, thesecond request in response to reception of at least one advertisementdata packet of the one or more advertisement data packets by the seconddevice, the at least one advertisement data packet including the sessionidentifier.
 17. The method of claim 14, further comprising: terminating,by the processing circuitry, the telemetry session; and rendering, bythe processing circuitry, the security information unusable to establishor perform another telemetry session with the device after a failure ofthe device to re-establish the telemetry session using the securityinformation within a defined period of time after the termination of thetelemetry session.
 18. The method of claim 14, wherein the telemetrysession comprises a first type of telemetry session, wherein thesecurity information comprises first security information, and whereinthe method further comprises: receiving, by the processing circuitry,second security information from a remote server device for establishinga second type of telemetry session with a third device; employing, bythe processing circuitry, the second security information to establish atrusted relationship with the third device and store informationassociating a monitoring device identifier for the third device in thememory; and establishing, by the processing circuitry, the second typeof telemetry session with the third device using the second telemetrycommunication protocol based on determining that the monitoring sessionrequest, received via the second telemetry communication protocol, wastransmitted by the third device based on inclusion of the monitoringdevice identifier in the monitoring session request.
 19. Anon-transitory computer-readable medium comprising instructions forcausing one or more processors of a device to: obtain sensedphysiological data corresponding to one or more parameters associatedwith a patient; and receive, via first communication circuitry, a firstrequest according to a first telemetry communication protocol, whereinthe first request comprises a device identifier associated with a seconddevice; generate, based on receiving the first request comprising thedevice identifier, security information comprising a session identifierand a session key; send, via the first communication circuitry, thesecurity information according to the first telemetry communicationprotocol; activate, based on sending the security information comprisingthe session identifier and the session key according to the firsttelemetry communication protocol, telemetry communication by the devicevia a second telemetry communication protocol by activating secondcommunication circuitry separate from the first communication circuitry,wherein the first telemetry communication protocol is associated withfirst wireless data communication over a first distance and the secondtelemetry communication protocol is associated with second wireless datacommunication over a second distance greater than the first distance;receive, via the second communication circuitry, a second requestaccording to the second telemetry communication protocol, wherein thesecond request comprises the device identifier; and establish, using thesecurity information, of telemetry session with the second deviceaccording to the second telemetry communication protocol based oninclusion of the device identifier in the second request.